Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.7
EnOcean SmartServer IoT (versions prior to 4.60.009) - Remote Memory Leak
CVE-2026-22885
Summary
A security issue affects older versions of EnOcean SmartServer IoT, allowing hackers to remotely send malicious messages that can cause the system to run out of memory. This could lead to the server crashing or becoming unstable. To protect your system, update to version 4.60.009 or later.
Original title
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages ...
Original description
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in a
memory leak from the program's memory.
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in a
memory leak from the program's memory.
nvd CVSS3.1
3.7
Vulnerability type
CWE-125
Out-of-bounds Read
- https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServe...
- https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Secu...
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05...
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-01
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026