September 18, 2018

The NCCIC has updated this advisory with additional details on the vulnerability and mitigation measures. NCCIC/ICS-CERT.

July 19, 2018

The NCCIC has released an advisory on information exposure, authentication bypass using an alternate path or channel, unprotected storage of credentials, and cleartext transmission of sensitive information vulnerabilities in Echelon SmartServer 1, SmartServer 2, SmartServer 3, i.LON 100, i.LON 600. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could allow for remote code execution on the device. Echelon recommends users download a service pack and a series of mitigation measures. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.