EnOcean SmartServer IoT
Summary
CISA has released an alert regarding vulnerabilities in EnOcean SmartServer IoT versions up to 4.60.009. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code and bypass ASLR.
IFF Assessment
FOE
The vulnerabilities allow remote code execution, which poses a significant risk to defenders.
Severity
8.1
High
Defender Context
Defenders should immediately update their EnOcean SmartServer IoT devices to version 4.60.023 or later to mitigate the vulnerabilities. It is also recommended to review EnOcean's hardening guide for additional security measures. Command injection vulnerabilities in IoT devices remain a common and dangerous attack vector.
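The remediation above is a version check: any SmartServer IoT device running a firmware older than 4.60.023 still needs the update. The following is an added example (not code from the advisory or from EnOcean) that triages a constructed device inventory against that fixed version. The device names and the inventory format are assumptions; the only values taken from the page are the last affected version (4.60.009) and the fixed version (4.60.023). Versions are compared numerically per dotted component rather than as strings, because lexical comparison misorders values such as "4.60.9" and "4.60.23".

```python
"""Triage EnOcean SmartServer IoT firmware versions against the fixed release.

Added example, not part of the original advisory. Version boundaries come from
the advisory text; the inventory below is constructed for illustration.
"""
from typing import Dict, List, Tuple

# Boundaries quoted in the advisory.
LAST_AFFECTED = "4.60.009"   # highest version named as affected
FIXED = "4.60.023"           # defenders are told to update to this or later


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '4.60.009' into a tuple of integers.

    Numeric comparison is required: as strings, '4.60.9' would sort after
    '4.60.23' even though it denotes an older build.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def needs_update(version: str, fixed: str = FIXED) -> bool:
    """True when the running firmware is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def is_in_advisory_range(version: str, last_affected: str = LAST_AFFECTED) -> bool:
    """True when the version falls within the range the advisory names as
    affected (up to the last affected build)."""
    return parse_version(version) <= parse_version(last_affected)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split an inventory of {device_name: firmware_version} into devices that
    still need the update, devices already on the fixed release or later, and
    entries whose version string could not be parsed (which need manual review).
    """
    result: Dict[str, List[str]] = {"update": [], "ok": [], "unknown": []}
    for device, version in sorted(inventory.items()):
        try:
            bucket = "update" if needs_update(version) else "ok"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(device)
    return result


# Constructed inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "ss-iot-lobby": "4.60.009",    # last affected version from the advisory
    "ss-iot-plant": "4.60.023",    # fixed version from the advisory
    "ss-iot-annex": "4.60.9",      # older build that a string compare would misorder
    "ss-iot-roof": "4.61.001",     # newer minor release, no action needed
    "ss-iot-lab": "unknown",       # unparseable, needs manual review
}


if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for bucket, devices in report.items():
        print(f"{bucket:>8}: {', '.join(devices) or '-'}")
```

Devices in the "update" bucket should be patched and checked against EnOcean's hardening guide; anything in "unknown" indicates an inventory record that cannot be trusted for triage and should be verified on the device itself.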