Return to Team82 Research

Nexus Podcast: Noam Moshe on APT Attacks vs. OT

March 5th, 2024 / 0 min read

Team82’s extensive research into network attached storage devices and the ubiquitous OPC UA industrial protocol came to a head recently in Las Vegas with a pair of presentations at Black Hat USA and DEF CON.

Stay in the know Get the Team82 Newsletter

Recent Vulnerability Disclosures

CVE-2026-22885

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.
Read more: Examining the Legacy BMS LonTalk Protocol.

CVSS v3: 3.7
CVE-2026-20761

A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device.
Read more: Examining the Legacy BMS LonTalk Protocol.

CVSS v3: 8.1
CVE-2026-0779

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.

Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.

CVSS v3: 7.2
CVE-2026-0780

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.

Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.

CVSS v3: 7.2
CVE-2026-0781

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability.

The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device.

Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the product.

CVSS v3: 7.2

Nexus Podcast: Noam Moshe on APT Attacks vs. OT

CVE-2026-22885

CVE-2026-20761

CVE-2026-0779

CVE-2026-0780

CVE-2026-0781