Details of VAR-201305-0367

ID

VAR-201305-0367

TITLE

Echelon i.LON Multiple Product Default Account Vulnerabilities

Trust: 0.8

sources: IVD: bcf40316-1f24-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05431

DESCRIPTION

Echelon i.LON is a smart energy management server. By default, multiple Echelon i.LON products are installed with a default account and password, such as 'ilon/ilon', allowing an attacker to use these accounts to access programs or systems

Trust: 0.72

sources: CNVD: CNVD-2013-05431 // IVD: bcf40316-1f24-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: bcf40316-1f24-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05431

AFFECTED PRODUCTS

vendor:	echelon	model:	i.lon smartserver	scope:	eq	version:	2.0	Trust: 0.8
vendor:	echelon	model:	i.lon lonworks/ip server	scope:	eq	version:	600	Trust: 0.6
vendor:	echelon	model:	i.lon 100e4 internet server	scope:	-	version:	-	Trust: 0.6
vendor:	echelon	model:	i.lon lonworks/ip server	scope:	eq	version:	600*	Trust: 0.2
vendor:	echelon	model:	i.lon 100e4 internet server	scope:	eq	version:	*	Trust: 0.2

sources: IVD: bcf40316-1f24-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05431

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-05431
value:	HIGH
Trust: 0.6
IVD:	bcf40316-1f24-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2013-05431
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	bcf40316-1f24-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: bcf40316-1f24-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05431

TYPE

other

Trust: 0.2

sources: IVD: bcf40316-1f24-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:	CNVD	id:	CNVD-2013-05431	Trust: 0.8
db:	IVD	id:	BCF40316-1F24-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: bcf40316-1f24-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05431

REFERENCES

url:

http://dariusfreamon.wordpress.com/2013/05/10/echelon-i-lon-defaults/

Trust: 0.6

sources: CNVD: CNVD-2013-05431

SOURCES

db:	IVD	id:	bcf40316-1f24-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-05431

LAST UPDATE DATE

2022-05-17T01:43:25.236000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2013-05431

date:

2013-05-20T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	bcf40316-1f24-11e6-abef-000c29c66e3d	date:	2013-05-16T00:00:00
db:	CNVD	id:	CNVD-2013-05431	date:	2013-05-16T00:00:00