CVE-2026-22885

Summary

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.

Affected Software

VendorProductVersion RangeStatus
EnOcean Edge IncSmartServer IoT0 <= 4.60.009affected
EnOcean Edge IncSmartServer IoT4.60.023unaffected

Weaknesses

  • CWE-125: CWE-125

Workarounds

For additional mitigations and workarounds, refer to EnOcean's hardening guide at https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security .

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References