EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
Two critical vulnerabilities were discovered in EnOcean's SmartServer IoT platform, enabling remote attackers to bypass security controls and execute arbitrary code with root privileges. These flaws affect internet-exposed SmartServer devices used in building automation, potentially allowing full takeover of Linux-based systems managing smart buildings, factories, and data centers. The vulnerabilities, tracked as CVE-2026-22885 and CVE-2026-20761, involve improper validation of packet input leading to memory protection bypass and remote code execution. EnOcean has released SmartServer 4. 6 update 2 (4. 60. 023) to address these issues. Legacy i. LON devices are also impacted. Claroty researchers have published technical details and proof-of-concept exploits.
AI Analysis
Technical Summary
Claroty researchers identified two vulnerabilities in EnOcean SmartServer, a multi-protocol gateway and edge controller for building automation. The first vulnerability (CVE-2026-22885) is a security bypass flaw, and the second (CVE-2026-20761) allows remote code execution. Exploitation involves improper validation of packet input, enabling attackers to manipulate system call arguments, bypass memory protections, leak memory, and execute arbitrary commands with root privileges on the Linux-based device. This could lead to full compromise of building management systems connected to the internet. EnOcean has issued a patch in SmartServer version 4.6 update 2 (4.60.023) to remediate these vulnerabilities. Legacy i.LON devices are also affected.
Potential Impact
Successful exploitation can result in complete takeover of EnOcean SmartServer devices, granting attackers root-level access and arbitrary code execution capabilities. This compromises the integrity and availability of building management and automation systems, potentially affecting smart buildings, factories, and data centers relying on these devices. The vulnerabilities enable remote attackers to bypass security protections and execute malicious commands remotely. No active exploitation in the wild has been reported at the time of disclosure.
Mitigation Recommendations
EnOcean has released an official patch in SmartServer version 4.6 update 2 (4.60.023) that addresses these vulnerabilities. Users should apply this update promptly to mitigate the risk. The vendor advisory confirms the availability of this fix. No additional mitigation steps are specified beyond applying the official update. Legacy i.LON device users should verify patch availability or vendor guidance for those products.
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
Description
Two critical vulnerabilities were discovered in EnOcean's SmartServer IoT platform, enabling remote attackers to bypass security controls and execute arbitrary code with root privileges. These flaws affect internet-exposed SmartServer devices used in building automation, potentially allowing full takeover of Linux-based systems managing smart buildings, factories, and data centers. The vulnerabilities, tracked as CVE-2026-22885 and CVE-2026-20761, involve improper validation of packet input leading to memory protection bypass and remote code execution. EnOcean has released SmartServer 4. 6 update 2 (4. 60. 023) to address these issues. Legacy i. LON devices are also impacted. Claroty researchers have published technical details and proof-of-concept exploits.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Claroty researchers identified two vulnerabilities in EnOcean SmartServer, a multi-protocol gateway and edge controller for building automation. The first vulnerability (CVE-2026-22885) is a security bypass flaw, and the second (CVE-2026-20761) allows remote code execution. Exploitation involves improper validation of packet input, enabling attackers to manipulate system call arguments, bypass memory protections, leak memory, and execute arbitrary commands with root privileges on the Linux-based device. This could lead to full compromise of building management systems connected to the internet. EnOcean has issued a patch in SmartServer version 4.6 update 2 (4.60.023) to remediate these vulnerabilities. Legacy i.LON devices are also affected.
Potential Impact
Successful exploitation can result in complete takeover of EnOcean SmartServer devices, granting attackers root-level access and arbitrary code execution capabilities. This compromises the integrity and availability of building management and automation systems, potentially affecting smart buildings, factories, and data centers relying on these devices. The vulnerabilities enable remote attackers to bypass security protections and execute malicious commands remotely. No active exploitation in the wild has been reported at the time of disclosure.
Mitigation Recommendations
EnOcean has released an official patch in SmartServer version 4.6 update 2 (4.60.023) that addresses these vulnerabilities. Users should apply this update promptly to mitigate the risk. The vendor advisory confirms the availability of this fix. No additional mitigation steps are specified beyond applying the official update. Legacy i.LON device users should verify patch availability or vendor guidance for those products.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/enocean-smartserver-flaws-expose-buildings-to-remote-hacking/","fetched":true,"fetchedAt":"2026-04-30T12:06:23.895Z","wordCount":882}
Threat ID: 69f345bfcbff5d8610d8a53c
Added to database: 4/30/2026, 12:06:23 PM
Last enriched: 4/30/2026, 12:06:33 PM
Last updated: 5/1/2026, 3:33:59 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.