External risk intelligence

Echelon SmartServer and i.LON Authentication Exposure

CVE advisory. Severity: CRITICAL (CVSS 9.8)

CVE-2018-10627

Echelon SmartServer and i.LON devices are impacted, allowing attackers to retrieve and change sensitive configuration data like usernames and passwords. This presents a business risk of unauthorized system access and modification.

Halo Surface Signal score: 4

Weakness class: Information Disclosure (CWE-200)

Affected product listed for the CVE: Echelon SmartServer 1 firmware, versions before 4.11.007 (SmartServer 2 and i.LON 100 are also named below)

External exposure likelihood

Halo Surface Signal score for CVE-2018-10627

The affected products are industrial control system gateways and smart servers that manage networked field devices and typically expose remote web, FTP, and SOAP management interfaces. They are frequently deployed at the network edge, or in roles that require connectivity for remote management and data exchange, so an externally reachable management interface is a common rather than an exceptional configuration.

Horizon Alert

Summary of the vulnerability and why it matters

The identified vulnerability affects Echelon SmartServer and i.LON products. It allows an unauthenticated party to read sensitive configuration details, including the usernames and passwords for the device's web and FTP servers, and to change them. Reading the credentials gives the attacker normal-looking logins to those interfaces; changing them locks legitimate operators out and alters critical system settings.

  • Vulnerable Echelon SmartServer and i.LON products
  • Allows retrieval and change of sensitive credentials
  • Risk of unauthorized system access

Attack Path

How an attacker could exploit the issue

The SOAP API exposed by the affected devices does not require prior authentication, so anyone who can reach it over the network can retrieve sensitive configuration details, including usernames and passwords, and rewrite them. Network reachability is therefore the whole precondition: no credentials, local access, or user interaction are needed. With the recovered credentials the attacker can then log in to the web or FTP interface as a legitimate user and reach the systems the gateway manages.

  • The device's SOAP API is reachable from the attacker's network position.
  • Attacker issues SOAP requests without authenticating.
  • Attacker retrieves web and FTP credentials and other configuration, and changes them at will.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability affects Echelon SmartServer 1 and SmartServer 2, as well as i.LON 100 devices. An attacker could exploit this by using the SOAP API to access and modify sensitive configuration details, including usernames and passwords for web and FTP servers. The impact could allow unauthorized control over these systems and data, posing a significant business risk.

  • Likely attacker skill level: Low.
  • Required access or conditions: Network access.
  • Business risk or urgency: High.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The vulnerability allows unauthenticated retrieval and modification of sensitive configuration data, including web and FTP credentials, through the SOAP API, so both the confidentiality and the integrity of device configuration are at stake. Organizations running the affected Echelon products should inventory these devices first and treat any instance whose SOAP, web, or FTP interface is reachable from outside the control network as the highest priority. Apply firmware 4.11.007 or later where the vendor provides it; where no fixed firmware exists for a product line, restricting network reachability to a dedicated management network is the control. Because the credentials may already have been read, rotate the web and FTP passwords after remediation rather than assuming they are still secret, and monitor for SOAP requests to these devices from unexpected sources.

  • Find affected Echelon devices: record product, firmware version, and whether the management interface is reachable from untrusted networks.
  • Reduce exposure or isolate risk: restrict SOAP, web, and FTP access to a management network and remove any internet-facing exposure.
  • Fix, verify, and monitor: update firmware where available, rotate web and FTP credentials, confirm the SOAP API is no longer reachable from untrusted sources, and watch for requests to it from unexpected addresses.
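The three steps above can be started from data most teams already have: an asset inventory and access logs from whatever sits in front of the gateway. The following Python script is an added example written for this page; it is not Echelon's code and not part of the advisory. It classifies inventory entries against the products and the "before 4.11.007" threshold the page lists, flags affected devices whose management address lies outside the designated management network, and scans access-log lines for SOAP requests to the gateway from addresses outside that network. The SOAP path prefix (`/WSDL/`), the Common Log Format layout, the `10.20.0.0/24` management range, and all inventory and log entries are assumptions and constructed sample data, not taken from the page.

```python
"""Triage helpers for CVE-2018-10627 (Echelon SmartServer / i.LON).

Added example, not Echelon's code and not part of the advisory.  It does two
things a responder needs before touching the devices:
  1. classify an asset inventory against the affected products and version
     threshold the advisory page lists, and flag affected devices whose
     management address is outside the management network;
  2. scan HTTP access-log lines from a proxy or tap in front of the gateway
     for SOAP requests that did not come from the management network.
Assumptions (not from the page): the SOAP service is served under /WSDL/,
logs are in Common Log Format, and 10.20.0.0/24 is the management network.
"""
import ipaddress
import re

# Products the page names as affected, and its stated fixed-version threshold.
AFFECTED_PRODUCTS = {"smartserver 1", "smartserver 2", "i.lon 100"}
FIXED_VERSION = (4, 11, 7)          # "before 4.11.007" is affected

# ASSUMPTION: SOAP web-service requests are POSTs to a path under /WSDL/.
SOAP_PATH_PREFIX = "/wsdl/"
# Constructed management allowlist; replace with the real jump-host range.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common Log Format: client ident user [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_version(version):
    """'4.11.007' -> (4, 11, 7); integer tuples compare correctly, strings don't."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_affected(product, firmware=None):
    """True if the product is in the affected set and firmware is below the fix.

    Unknown firmware on an affected product is treated as affected: a false
    negative leaves an unpatched, unauthenticated API exposed.
    """
    if product.strip().lower() not in AFFECTED_PRODUCTS:
        return False
    if not firmware:
        return True
    return parse_version(firmware) < FIXED_VERSION


def in_mgmt_net(addr_text, mgmt_nets=MGMT_NETS):
    """True if addr_text is an IP inside one of the management networks."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False                      # hostname instead of IP: cannot allowlist
    return any(addr in net for net in mgmt_nets)


def triage_inventory(inventory, mgmt_nets=MGMT_NETS):
    """Return (host, outside_mgmt) for affected devices, most exposed first.

    Reachability is the whole exploit precondition, so an affected device
    addressed outside the management network comes first.
    """
    findings = []
    for dev in inventory:
        if is_affected(dev["product"], dev.get("firmware")):
            findings.append((dev["host"], not in_mgmt_net(dev["host"], mgmt_nets)))
    findings.sort(key=lambda f: not f[1])   # stable: outside-network hosts first
    return findings


def find_external_soap_requests(lines, mgmt_nets=MGMT_NETS):
    """SOAP POSTs to the gateway from sources outside the management networks."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparsable line: skip, do not guess
        if m["method"] != "POST" or not m["path"].lower().startswith(SOAP_PATH_PREFIX):
            continue
        if not in_mgmt_net(m["src"], mgmt_nets):
            hits.append((m["src"], m["path"], int(m["status"])))
    return hits


# --- Constructed sample data (not real devices, versions, or traffic) --------
INVENTORY = [
    {"host": "10.20.0.15", "product": "SmartServer 2", "firmware": "4.11.007"},
    {"host": "10.20.0.16", "product": "SmartServer 2", "firmware": "4.10.162"},
    {"host": "10.20.0.17", "product": "SmartServer 1", "firmware": None},
    {"host": "203.0.113.40", "product": "i.LON 100", "firmware": "3.2.12"},
    {"host": "10.20.0.18", "product": "Other gateway", "firmware": "1.0"},
]
SAMPLE_LOG = [
    '10.20.0.5 - - [12/Jul/2018:10:01:22 +0000] "GET /index.htm HTTP/1.1" 200 1432',
    '10.20.0.5 - - [12/Jul/2018:10:01:30 +0000] "POST /WSDL/iLON100.wsdl HTTP/1.1" 200 2210',
    '198.51.100.23 - - [12/Jul/2018:10:02:01 +0000] "POST /WSDL/iLON100.wsdl HTTP/1.1" 200 2210',
    '198.51.100.23 - - [12/Jul/2018:10:02:05 +0000] "GET /forms/config HTTP/1.1" 200 980',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for host, outside in triage_inventory(INVENTORY):
        print(f"{host:16} affected, {'OUTSIDE' if outside else 'inside'} management network")
    for src, path, status in find_external_soap_requests(SAMPLE_LOG):
        print(f"external SOAP request: {src} -> {path} ({status})")
```

Two design points matter in practice. Versions are compared as integer tuples because a string comparison would rank "4.11.007" below "4.9.x"; and a device with unknown firmware is reported as affected, since the cost of missing an unpatched, unauthenticated API is far higher than the cost of checking one more box. The log check only catches requests that pass through something that logs them; it cannot see traffic that reaches the device directly, which is itself a reason to put the device behind a gateway you control.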

Frequently asked questions

What are Echelon SmartServer and i.LON products and what is their function in industrial control systems?

Echelon SmartServer 1, SmartServer 2, and i.LON 100 are industrial control system gateways and smart servers. They are used to manage networked devices, often providing remote web and FTP management interfaces for data exchange and system control.

What is CVE-2018-10627 and what is its weakness class?

CVE-2018-10627 is an information exposure vulnerability (CWE-200). It allows an attacker to use the SOAP API to retrieve and change sensitive configuration items, such as usernames and passwords for web and FTP servers, without proper authentication.

How can CVE-2018-10627 be triggered, and what is the scope of the impact?

An attacker exploits this vulnerability by sending requests to the SOAP API over the network; no credentials are needed. This allows them to retrieve and modify sensitive configuration data, including web and FTP credentials, and so gain access to managed systems through those interfaces. The vulnerability is classified as external because its attack vector is the network: no local access or prior authentication is required.

What is the relevance of CVE-2018-10627 for industrial systems?

This vulnerability affects Echelon SmartServer and i.LON products, which are industrial control system gateways. Exploitation could lead to unauthorized control and data compromise, posing a significant business risk due to the critical nature of these systems. The Halo Surface Signal indicates a 'Likely' threat due to common deployment scenarios at network edges.

What steps should be taken to address the Echelon SmartServer and i.LON vulnerability?

Organizations should identify all affected Echelon devices, reduce their exposure, or isolate them. Prioritizing the remediation of these systems is crucial to mitigate potential risks associated with unauthorized access to sensitive configuration data.
