20 matches found
CVE-2026-20761
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
CVE-2026-22885
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory...
CVE-2026-20761
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
CVE-2026-22885
CVE-2026-22885 affects EnOcean SmartServer IoT prior to version 4.60.009. The vulnerability lies in LON IP-852 management messages, where remote attackers can send specially crafted IP-852 messages that trigger a memory leak in the running process. Public documentation across NVD/Red Hat/CVE reco...
CVE-2026-22885 EnOcean SmartServer IoT Out-of-bounds Read
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory...
CVE-2026-22885
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory...
CVE-2026-22885 EnOcean SmartServer IoT Out-of-bounds Read
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory...
CVE-2026-20761 EnOcean SmartServer IoT Command Injection
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
CVE-2026-20761
CVE-2026-20761 affects EnOcean SmartServer IoT prior to 4.60.009. A remote attacker can exploit the LON IP-852 management message handling to execute arbitrary OS commands on the device. Public sources concur on this impact; no exploit details are provided in the documents. The Red Hat advisory a...
CVE-2026-20761
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
CVE-2026-20761 EnOcean SmartServer IoT Command Injection
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device...
PT-2026-21022
Name of the Vulnerable Software and Affected Versions EnOcean SmartServer IoT versions prior to 4.60.009 Description A flaw exists that could allow remote attackers to cause a memory leak. This can occur by sending specially crafted IP-852 messages within LON IP-852 management messages...
EnOcean SmartServer IoT 缓冲区错误漏洞
EnOcean SmartServer IoT is a multi-protocol IoT edge server developed by the German company EnOcean. Versions of EnOcean SmartServer IoT prior to 4.60.009 contain a buffer error vulnerability, which stems from improper handling of LON IP-852 management messages, potentially leading to memory leak...
PT-2026-21021
Name of the Vulnerable Software and Affected Versions EnOcean SmartServer IoT versions prior to 4.60.009 Description A flaw exists that allows remote attackers to execute arbitrary operating system commands on the device. The issue is due to the ability to send specially crafted IP-852 messages...
EnOcean SmartServer IoT 命令注入漏洞
EnOcean SmartServer IoT is a multi-protocol IoT edge server developed by the German company EnOcean. Versions of EnOcean SmartServer IoT prior to 4.60.009 contain a command injection vulnerability. This vulnerability arises from improper handling of specially crafted IP-852 messages, which may...
EnOcean SmartServer IoT
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
CVE-2022-3089 EnOcean SmartServer Hard-coded credentials
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
CVE-2022-3089 EnOcean SmartServer Hard-coded credentials
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
EnOcean SmartServer
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: EnOcean Edge Inc, a subsidiary of EnOcean GmbH Equipment: SmartServer with i.LON Vision Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on February 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...