SB2018072009 - Multiple vulnerabilities in Echelon SmartServer 1, SmartServer 2, i.LON 100 and i.LON 60
Published: July 20, 2018
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Authentication bypass (CVE-ID: CVE-2018-8859)
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists because authentication can be bypassed through an alternate path or channel: a remote unauthenticated attacker can include extra characters in the directory name when specifying the directory to be accessed, bypassing the authentication required by the security configuration file.
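To illustrate the defensive point behind this finding (an authorization check that compares the literal request string instead of a canonical form), the following is an added example, not Echelon's code: the protected directory list, the request paths and both check functions are constructed for this illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: directories the security configuration marks as
# requiring authentication (hypothetical names, not from the bulletin).
PROTECTED_DIRS = ("/config", "/admin")


def naive_requires_auth(path: str) -> bool:
    """Literal prefix match. Any extra characters in the directory name
    (percent-encoding, dot segments, case changes) make the string differ
    from the configured entry, so the protected directory is not recognised."""
    return any(path.startswith(d + "/") for d in PROTECTED_DIRS)


def canonicalize(path: str):
    """Reduce a request path to one canonical form before comparing it.
    Returns None when the path is malformed so the caller can fail closed."""
    if "\x00" in path:
        return None
    decoded = unquote(path)          # decode %XX exactly once
    if "%" in decoded:               # leftover '%' means double encoding
        return None
    decoded = decoded.replace("\\", "/")   # treat backslash as a separator
    canonical = posixpath.normpath("/" + decoded.lstrip("/"))  # drop ., .., //
    # Assumption: the file store is case-insensitive, so fold case as well.
    return canonical.lower()


def hardened_requires_auth(path: str) -> bool:
    """Compare the canonical path against the protected list; unknown or
    malformed input is treated as protected (fail closed)."""
    canon = canonicalize(path)
    if canon is None:
        return True
    return any(canon == d or canon.startswith(d + "/") for d in PROTECTED_DIRS)
```

The same request that the literal check lets through (`/%63onfig/...`, `/./config/...`, `/public/../config/...`) is recognised as protected once it is canonicalized first.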
2) Privilege escalation (CVE-ID: CVE-2018-8851)
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The vulnerability exists due to storage of credentials in plaintext. A remote unauthenticated attacker with access to the configuration file can log into the SmartServer web user interface.
3) Security restrictions bypass (CVE-ID: CVE-2018-8855)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists because the devices allow unencrypted web connections by default. A remote unauthenticated attacker can cause the devices to receive configuration and firmware updates over unsecured FTP.
Remediation
Install the update from the vendor's website.