PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22885 EnOcean Edge Inc CVE debrief

CVE-2026-22885 is a low-severity, network-reachable issue in EnOcean SmartServer IoT version 4.60.009 and earlier. According to CISA’s advisory, a remote attacker can send specially crafted IP-852 management messages that trigger a memory leak in the SmartServer IoT process. The advisory scores the issue at CVSS v3.1 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N), and it is not listed in CISA KEV.

Vendor: EnOcean Edge Inc
Product: SmartServer IoT
CVSS: LOW 3.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-19
Original CVE updated: 2026-02-19
Advisory published: 2026-02-19
Advisory updated: 2026-02-19

Who should care

OT/ICS operators, system integrators, and monitoring teams running or managing EnOcean SmartServer IoT 4.60.009 or earlier, especially where IP-852 management traffic is exposed or routed across untrusted network segments.

Technical summary

CISA’s CSAF advisory states that a remote attacker can abuse LON IP-852 management messaging by sending specially crafted IP-852 messages that trigger a memory leak in SmartServer IoT. The documented impact is limited to low confidentiality impact; the supplied CVSS vector records no integrity or availability impact. The affected scope is EnOcean SmartServer IoT 4.60.009 and prior.

Defensive priority

Moderate for exposed OT environments, but not urgent from an exploitation-trend perspective: the issue is not listed in KEV and the reported impact is limited. Patching should still be prioritized on any reachable deployment, because the attack is remote and unauthenticated.

Recommended defensive actions

  • Update SmartServer platform software to SmartServer 4.6 Update 2 (v4.60.023) or later.
  • If immediate patching is not possible, apply EnOcean’s hardening guidance and restrict access to SmartServer management paths and IP-852-related traffic to trusted OT network segments only.
  • Inventory all SmartServer IoT deployments and verify whether any instance is at version 4.60.009 or earlier.
  • Monitor for unusual IP-852 management message activity and other anomalous traffic patterns on affected OT networks.
  • Confirm remediation after upgrade by validating the installed SmartServer version and reviewing any applicable vendor hardening recommendations.
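The inventory, exposure and remediation checks above, as an added Python example that is not PatchSiren's, EnOcean's or CISA's tooling: it compares reported SmartServer IoT version strings against the affected (4.60.009 and prior) and fixed (v4.60.023) versions from the advisory, and ranks devices by whether IP-852 management traffic is reachable from an untrusted segment. The device records and the ip852_exposed flag are constructed assumptions, not data from the advisory.

```python
from dataclasses import dataclass

AFFECTED_MAX = (4, 60, 9)   # 4.60.009 and prior: affected per the advisory
FIXED_MIN = (4, 60, 23)     # SmartServer 4.6 Update 2 (v4.60.023): fixed

def parse_version(text):
    """Turn '4.60.009' (or 'v4.60.009') into a comparable tuple (4, 60, 9)."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised SmartServer version string: {text!r}")
    return tuple(int(p) for p in parts)
def is_affected(version):
    return parse_version(version) <= AFFECTED_MAX

def is_remediated(version):
    return parse_version(version) >= FIXED_MIN

@dataclass
class Device:
    host: str
    version: str
    # True when IP-852 management traffic can reach this host from outside the
    # trusted OT segment (assumed input from your own segmentation review).
    ip852_exposed: bool
def classify(dev):
    """Map one device to (rank, action); a lower rank is more urgent."""
    if is_remediated(dev.version):
        return 3, "ok: at or above v4.60.023"
    if is_affected(dev.version):
        if dev.ip852_exposed:
            return 0, "patch now: affected and IP-852 reachable from an untrusted segment"
        return 1, "patch: affected, IP-852 already restricted to the trusted OT segment"
    return 2, "verify: newer than 4.60.009 but below v4.60.023; fix status not stated"

def triage(devices):
    """Return [(host, action)] with the most urgent devices first."""
    ranked = sorted(devices, key=lambda d: classify(d)[0])
    return [(d.host, classify(d)[1]) for d in ranked]

# Constructed inventory records for illustration, not real devices.
INVENTORY = [
    Device("ss-plant-a", "4.60.009", ip852_exposed=False),
    Device("ss-plant-b", "v4.60.023", ip852_exposed=True),
    Device("ss-remote-1", "4.60.005", ip852_exposed=True),
    Device("ss-lab", "4.60.015", ip852_exposed=False),
]
if __name__ == "__main__":
    for host, action in triage(INVENTORY):
        print(f"{host:12} {action}")
```

Versions between 4.60.009 and v4.60.023 are deliberately reported as "verify" rather than guessed, since the advisory only states the affected ceiling and the fixed release.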

Evidence notes

Primary evidence comes from CISA’s CSAF advisory ICSA-26-050-01 for CVE-2026-22885, published 2026-02-19 with no later modification in the supplied corpus. The advisory identifies the affected product as EnOcean SmartServer IoT 4.60.009 and prior, describes a remote memory-leak condition tied to specially crafted IP-852 management messages, and gives the remediation as an upgrade to v4.60.023 or later. The provided enrichment marks KEV as false and the vendor attribution as low-confidence, so the product identity should be treated as advisory-backed while the vendor mapping may need review.

Official resources

Published by CISA on 2026-02-19. No KEV listing is provided in the supplied corpus.