MEDIUM🇵🇱 Wersja polska

CVE-2022-3089

CVSS 6.3v3.1pub. 2023-02-13upd. 2024-11-21

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
  • Echelon I.lon Vision

    APP
    Echelon
    2.2
  • Echelon Smartserver

    HW
    Echelon
    2.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-10627CRITICAL9.8ten sam vendor

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versio...

CVE-2018-8851CRITICAL9.8ten sam vendor

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versio...

CVE-2018-8855CRITICAL9.8ten sam vendor

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versio...

CVE-2018-8859CRITICAL9.8ten sam vendor

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versio...