Security researchers at Claroty have discovered critical vulnerabilities in EnOcean's SmartServer IoT platform that could allow hackers to remotely take control of building management and automation systems used in smart buildings, factories, and data centers. The flaws enable attackers to bypass memory protections and execute arbitrary commands with root privileges on the Linux-based devices, potentially compromising internet-exposed systems. EnOcean has released a security update to patch the vulnerabilities, which also affect legacy i.LON devices.