CVE-2018-8859

Name: CVE-2018-8859 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2018-8859

CRITICAL

CVSS v3.1: 9.8 · EPSS: 0.0031 (54.5 percentile)

NetworkNo privilegesNo user interactionImproper AuthenticationVendor advisory ref

Source data as of: 2026-06-03 05:00:11 UTC

At a glance

Severity: CRITICAL
CVSS: 9.8 v3.1 · NVD
EPSS: 0.0031 (54.5 percentile) · FIRST.org
CISA KEV: No
Type: Improper Authentication · NVD CWE
Attack conditions (CVSS vector): NetworkNo privilegesNo user interaction · Source: NVD Vector
Affected vendors: echelon
Published: 2018-07-24 · Modified: 2026-06-02
References: Jump to references (1)

CVSS / EPSS / KEV

CVSS v3.1 9.8 / 10 CRITICAL Source: NVD

EPSS 0.0031 54.5 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.

Record details

CVE ID: CVE-2018-8859
CVSS (v3.1): 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability subscore: 3.9
Impact subscore: 5.9
EPSS: 0.0031 (54.5 percentile) — 2026-06-03
CISA KEV: No
Weakness (CWE): CWE-288, CWE-287
Affected vendors: echelon
Affected configurations (CPE): 4
Published: 2018-07-24
Modified: 2026-06-02
Status: Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Vendor advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03

← Back to all records

CVE-2018-8859

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year