PatchSiren cyber security CVE debrief
CVE-2026-20761 EnOcean Edge Inc CVE debrief
CVE-2026-20761 is a high-severity remote command execution issue in EnOcean SmartServer IoT version 4.60.009 and earlier. According to the CISA advisory, a remote attacker can send specially crafted LON IP-852 management messages and trigger arbitrary OS command execution on the device. EnOcean’s listed remediation is to upgrade to SmartServer 4.6 Update 2 (v4.60.023) or later.
- Vendor: EnOcean Edge Inc
- Product: SmartServer IoT
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-19
- Original CVE updated: 2026-02-19
- Advisory published: 2026-02-19
- Advisory updated: 2026-02-19
Who should care
OT/ICS operators using EnOcean SmartServer IoT, especially teams responsible for building automation, network segmentation, firmware management, and incident response. Security teams should pay close attention if IP-852 management traffic is reachable beyond tightly controlled OT zones.
Technical summary
The advisory describes a network-reachable flaw in the handling of LON IP-852 management messages. The attack requires no privileges and no user interaction, and the supplied CVSS v3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H: high attack complexity, but full confidentiality, integrity, and availability impact on the device if the vulnerable path is reachable. The source corpus indicates affected versions are SmartServer IoT 4.60.009 and prior, with a fixed release at v4.60.023 or later.
Defensive priority
High priority for any exposed or operationally critical deployment. Because the issue can lead to arbitrary OS command execution on an OT device, remediation should be scheduled promptly, with the highest urgency for environments where IP-852 management messages traverse less-trusted networks or where the device has broad operational access.
Recommended defensive actions
- Upgrade SmartServer IoT to version 4.60.023 or later, per EnOcean’s remediation guidance.
- Restrict and segment access to LON IP-852 management traffic so only authorized OT management systems can reach the device.
- Review exposed interfaces, routing, and firewall rules to confirm the vulnerable service is not reachable from untrusted networks.
- Apply EnOcean’s hardening guidance for additional mitigations and workarounds.
- Verify asset inventory to identify all SmartServer IoT instances at version 4.60.009 or earlier.
- Monitor for unexpected command execution, configuration changes, or abnormal management traffic targeting the device.
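The inventory step above is the one most teams get wrong by eye, because the advisory gives two different boundaries (last affected build 4.60.009, first fixed build 4.60.023) and says nothing about builds in between. The following is an added example, not code from PatchSiren, CISA, or EnOcean: it parses the vendor's three-part version strings, classifies each inventoried device as affected, fixed, or needing verification, and surfaces unparsable entries instead of skipping them. The inventory records and hostnames are constructed sample data.

```python
"""Triage a SmartServer IoT asset inventory against CVE-2026-20761.

Added example, not part of the PatchSiren debrief or any EnOcean tooling.
Assumptions: inventory records are dicts with 'host' and 'version' keys
(constructed sample data below); version strings use the vendor's
MAJOR.MINOR.BUILD form seen in the advisory (e.g. 4.60.009).
"""
from __future__ import annotations

import re
from typing import Iterable

# Boundaries taken from the advisory text on this page.
LAST_AFFECTED = "4.60.009"   # "4.60.009 and prior" are affected
FIRST_FIXED = "4.60.023"     # "upgrade to v4.60.023 or later"

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '4.60.009' (or 'v4.60.009') into a comparable tuple (4, 60, 9).

    Raises ValueError for strings that do not match the three-part form,
    so malformed inventory data is surfaced rather than silently skipped.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised SmartServer version string: {text!r}")
    major, minor, build = (int(part) for part in m.groups())
    return (major, minor, build)


def classify(version: str) -> str:
    """Map a version string onto a remediation status.

    'affected' : at or below the advisory's last affected build
    'fixed'    : at or above the vendor's fixed release
    'verify'   : between the two boundaries; the advisory does not state
                 whether such builds are safe, so treat as unpatched until
                 confirmed with the vendor
    'invalid'  : unparsable version string, needs a manual look
    """
    try:
        v = parse_version(version)
    except ValueError:
        return "invalid"
    if v <= parse_version(LAST_AFFECTED):
        return "affected"
    if v >= parse_version(FIRST_FIXED):
        return "fixed"
    return "verify"


def triage(inventory: Iterable[dict]) -> dict[str, list[str]]:
    """Group hostnames by status, action-needed buckets listed first."""
    buckets: dict[str, list[str]] = {
        "affected": [], "verify": [], "invalid": [], "fixed": [],
    }
    for item in inventory:
        buckets[classify(item["version"])].append(item["host"])
    return buckets


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "bms-ss-01.example", "version": "4.60.009"},
    {"host": "bms-ss-02.example", "version": "4.55.011"},
    {"host": "bms-ss-03.example", "version": "v4.60.023"},
    {"host": "bms-ss-04.example", "version": "4.60.015"},
    {"host": "bms-ss-05.example", "version": "4.60.x"},
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9s} {', '.join(hosts) or '-'}")
```

The "verify" bucket is the deliberate design choice here: a comparison that only asks "is it below 4.60.009?" would quietly mark a 4.60.015 device as safe, which the advisory does not support. Feed `triage()` the output of whatever asset database the team already maintains and route the "affected" and "verify" hosts into the upgrade schedule first.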
Evidence notes
The source corpus is CISA’s CSAF advisory ICSA-26-050-01, published 2026-02-19, and it states that EnOcean SmartServer IoT version 4.60.009 and prior are affected. The advisory describes remote attackers sending specially crafted IP-852 management messages that can result in arbitrary OS command execution on the device. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H with a score of 8.1 (HIGH). The advisory also includes SSVCv2/E:N/A:N/2026-02-18T07:00:00.000000Z and recommends upgrading to v4.60.023 or later.
Official resources
- CVE-2026-20761 CVE record (CVE.org)
- CVE-2026-20761 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference
CVE published and source advisory initially released on 2026-02-19. The supplied corpus shows no later modification, KEV addition, or ransomware association.