TXOne Networks
Hero background

CVE-2022-3089

Last Updated: February 13, 2023

Echelon SmartServer 2.2 with i.LON Vision 2.2 Use of Hard-coded Credentials Vulnerability

CVE IDCVE-2022-3089
SeverityMedium
Affected VendorsEnOcean Edge Inc.
Affected ProductsEnOcean SmartServer: v2.2 SR8/SP8 (4.12.006) with i.LON Vision v2.2 SR8/SP8 (4.12.006)
Vulnerability DetailsThe affected product, Echelon SmartServer 2.2 with i.LON Vision 2.2, stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.
Solutions & RulesFixed in SmartServer 3.5 Update 2 (v3.52.003)
CreditChizuru Toyama of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

security@txone.com