
Critical Vulnerabilities in EnOcean SmartServer IoT Enable Remote Code Execution

Source: CISA Cybersecurity Advisories

CISA warns of severe flaws in EnOcean SmartServer IoT (CVE-2026-25544, CVE-2026-25545) that allow remote code execution and an ASLR bypass. Upgrade affected devices to version 4.0.1.49 or later immediately.

Critical Flaws in EnOcean SmartServer IoT Expose Systems to Remote Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed multiple critical vulnerabilities in EnOcean SmartServer IoT that could enable threat actors to execute arbitrary code remotely and bypass Address Space Layout Randomization (ASLR) security protections. The advisory, published under ICSA-26-050-01, highlights severe risks to operational technology (OT) environments.

Technical Details of the Vulnerabilities

The affected product, EnOcean SmartServer IoT, is used for building automation and IoT device management. The vulnerabilities impact the following versions:

  • SmartServer IoT (all versions prior to 4.0.1.49)
  • SmartServer IoT Edge (all versions prior to 4.0.1.49)
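Because the fixed release is the same for both product lines, the first practical step is to find every SmartServer IoT and SmartServer IoT Edge unit in the asset inventory that is still below 4.0.1.49. The script below is an added example, not code from CISA or EnOcean: it compares dotted version strings numerically (so that 4.0.1.9 is correctly treated as older than 4.0.1.49, which a plain string comparison would get wrong), pads short version strings, and sends in-scope devices whose firmware field cannot be parsed to a manual-review bucket rather than silently treating them as patched. The inventory rows, hostnames and CSV column names are constructed for the example.

```python
"""Triage an asset inventory against the ICSA-26-050-01 fixed release.

Added example (not part of the advisory). The CSV layout, hostnames and
firmware values below are constructed sample data.
"""
from __future__ import annotations

import csv
import io
import re

# Both product lines are fixed in the same release (advisory text).
FIXED_VERSION = "4.0.1.49"
AFFECTED_PRODUCTS = {"SmartServer IoT", "SmartServer IoT Edge"}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '4.0.1.49' (an optional leading 'v' is tolerated) into (4, 0, 1, 49).

    Raises ValueError for anything that is not a dotted numeric version, so a
    caller cannot accidentally treat 'unknown' or 'n/a' as a real version.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(product: str, version: str) -> bool:
    """True when the product is in scope and its version is below 4.0.1.49.

    Versions are compared component by component as integers, not as strings.
    A shorter version such as '4.0.1' is padded with zeros, so it compares as
    4.0.1.0 and is reported as affected.
    """
    if product not in AFFECTED_PRODUCTS:
        return False
    have, fixed = parse_version(version), parse_version(FIXED_VERSION)
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed


# Constructed sample inventory for the example; not real device data.
SAMPLE_INVENTORY = """\
hostname,product,firmware
bms-gw-01,SmartServer IoT,4.0.1.48
bms-gw-02,SmartServer IoT,4.0.1.49
bms-gw-03,SmartServer IoT Edge,3.9.2.10
bms-gw-04,SmartServer IoT Edge,4.1.0.2
bms-gw-05,SmartServer IoT,4.0.1
bms-gw-06,SmartServer IoT,unknown
plc-07,OtherVendor PLC,1.2.3
"""


def triage(csv_text: str) -> dict[str, list[str]]:
    """Sort inventory rows into vulnerable / patched / out_of_scope / needs_review.

    'needs_review' holds in-scope devices whose firmware field did not parse;
    those must be checked by hand instead of being assumed safe.
    """
    buckets: dict[str, list[str]] = {
        "vulnerable": [], "patched": [], "out_of_scope": [], "needs_review": []
    }
    for row in csv.DictReader(io.StringIO(csv_text)):
        host, product, firmware = row["hostname"], row["product"], row["firmware"]
        if product not in AFFECTED_PRODUCTS:
            buckets["out_of_scope"].append(host)
            continue
        try:
            affected = is_vulnerable(product, firmware)
        except ValueError:
            buckets["needs_review"].append(host)
            continue
        buckets["vulnerable" if affected else "patched"].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>13}: {', '.join(hosts) or '-'}")
```

Run it against an export of the real inventory by replacing `SAMPLE_INVENTORY` with the file contents; the `needs_review` bucket is the one most often forgotten, since devices with a blank or free-text firmware field are exactly the ones that tend to be unmanaged.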

CISA’s advisory identifies two primary vulnerabilities:

  1. CVE-2026-25544 – A remote code execution (RCE) flaw allowing unauthenticated attackers to execute arbitrary commands on vulnerable systems.
  2. CVE-2026-25545 – An ASLR bypass vulnerability that weakens memory protection mechanisms, increasing the likelihood of successful exploitation.

No public exploits are currently known, but the severity of these flaws warrants immediate action.

Impact Analysis

Successful exploitation of these vulnerabilities could lead to:

  • Unauthorized control of building automation systems.
  • Disruption of critical OT operations, including HVAC, lighting, and security systems.
  • Lateral movement within networks, potentially compromising additional IoT and industrial control systems (ICS).

Given the widespread use of EnOcean SmartServer IoT in commercial and industrial facilities, these flaws pose a significant risk to both the physical processes the devices control and the networks they sit on.

Recommended Mitigations

CISA urges organizations using affected versions to:

  1. Upgrade every SmartServer IoT and SmartServer IoT Edge device to version 4.0.1.49 or later; both CVEs are addressed in that release.
  2. Isolate OT networks from corporate IT environments, and from the internet, to limit exposure of unpatched devices.
  3. Monitor traffic to and from SmartServer IoT devices with intrusion detection/prevention systems (IDS/IPS) and review logs for unexpected access.
  4. Restrict remote access to SmartServer IoT devices to designated management hosts, enforcing strict authentication controls.

For further details, refer to the full CSAF advisory.

Original advisory published by CISA: ICSA-26-050-01
