Primary

Context

EnOcean SmartServer IoT Out-of-Bounds Read Vulnerability Allowing Memory Leak

Vulnerability

A vulnerability exists in EnOcean SmartServer IoT versions through 4.60.009, allowing remote attackers to exploit the LON IP-852 management messages. By sending specially crafted IP-852 messages, attackers can cause a memory leak from the program's memory.

Impact

Exploitation of this vulnerability leads to a memory leak, causing potential performance degradation or resource exhaustion.

Remediation

Users are advised to update EnOcean SmartServer IoT to version 4.6 Update 2 (v4.60.023) or later. For additional mitigations and workarounds, refer to EnOcean's hardening guide.

Added: Feb 20, 2026, 6:03 PM

Updated: Feb 20, 2026, 6:03 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

EnOcean SmartServer IoT Out-of-Bounds Read Vulnerability Allowing Memory Leak

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating