Multiple Vulnerabilities on Zigbee Products
Priority: Monitor · Severity score: 6.5 · Advisory ID: SEVD-2026-013-03 · Published: Jan 13, 2026
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric Wiser and Iconic Zigbee-based control devices contain multiple denial-of-service vulnerabilities inherited from Silicon Labs' EmberZNet platform. Affected products include smart switches, dimmers, thermostatic radiator valves (iTRV, RTR), underfloor heating controllers (UFH), boiler relays, electrical heat switches, micromodules, and EV charging outlet controllers across multiple OEM variants (Iconic, Exxact, Elko, Odace, Merten, Fuga, Mureva). All versions of these products are vulnerable. The vulnerabilities could cause devices to become unavailable, affecting lighting control, HVAC operation, heating circuits, and EV charging circuits.
What this means
What could happen
An attacker could send crafted Zigbee packets to cause denial of service, making connected lighting, heating, HVAC, or charging devices unresponsive and unavailable for manual control during the attack.
Who's at risk
Building automation and energy management operators should care: this affects all Wiser and Iconic brand Zigbee lighting switches, dimmers, smart outlets, thermostatic radiator valves (heating control), underfloor heating controllers, boiler relays, and EV charging controllers. Facilities using Schneider Electric's Wiser smart home/building automation system, distributed heating systems, or connected electrical distribution in commercial buildings are at risk.
How it could be exploited
An attacker with access to the Zigbee network could transmit specially crafted packets that crash or hang the affected devices. If the network is connected to or visible from the enterprise network, or if an attacker is within RF range of the Zigbee mesh, exploitation is possible without credentials.
Prerequisites
- Access to the Zigbee network (RF proximity or network path to Zigbee coordinator)
- No authentication credentials required to send Zigbee packets
Key facts
- No patch available for any affected product
- Affects operational control devices (lighting, heating, EV charging)
- No authentication required for exploitation
- Low attack complexity
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (34)
Fix status: 34 pending

Product | Affected Versions | Fix Status
Iconic, Wiser Connected Smart Switch, 2AX | All versions | No fix yet
Iconic, Wiser Connected Smart Switch, 10AX | All versions | No fix yet
Iconic, Connected AC Fan Controller | All versions | No fix yet
Iconic, Connected Smart Socket | All versions | No fix yet
Wiser Connected Application Module 1-Gang | All versions | No fix yet
Remediation & Mitigation
Do now
- Hardening: Isolate Zigbee control networks from the business network using firewalls and network segmentation
- Hardening: Implement physical access controls to prevent unauthorized personnel from accessing Zigbee devices and coordinators
- Hardening: Place all Zigbee coordinators and gateways in locked cabinets and never leave them in commissioning or programming mode
- Hardening: Ensure Zigbee networks are not accessible from the Internet or connected directly to untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- Hardening: If remote access to Zigbee systems is required, use a secure VPN connection and keep VPN software updated
- Hardening: Implement network monitoring to detect abnormal Zigbee traffic patterns that could indicate denial of service attempts
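One way to act on the last recommendation is a rate-based check over per-frame metadata exported by a Zigbee sniffer or the coordinator's log. The code below is an added example, not part of the advisory and not Schneider Electric's or Silicon Labs' code: it flags any source short address that sends more frames than expected inside a sliding window, and separately flags frames from addresses that were never commissioned. The record layout (timestamp, 16-bit short address), the sample frames, the thresholds and the allowlist are all constructed assumptions; tune the window and threshold to the traffic profile of the actual mesh.

```python
"""Rate-based anomaly detection over Zigbee frame metadata.

Added example (not from the advisory, Schneider Electric or Silicon Labs).
Assumes a sniffer or coordinator already exports one record per received
frame as (timestamp_seconds, source_short_addr). All values below are
constructed for illustration.
"""
from collections import defaultdict, deque

# Constructed sample traffic: two commissioned devices chatting normally,
# then 60 frames in under half a second from an address never commissioned.
SAMPLE_FRAMES = (
    [(0.0, 0x1A2B), (0.5, 0x3C4D), (1.0, 0x1A2B)]
    + [(2.0 + i * 0.008, 0xBEEF) for i in range(60)]
    + [(3.0, 0x3C4D)]
)

# Short addresses handed out during commissioning (constructed allowlist).
KNOWN_DEVICES = {0x1A2B, 0x3C4D}


def detect_anomalies(frames, window_s=1.0, max_per_window=20, known=KNOWN_DEVICES):
    """Return alerts as (timestamp, kind, short_addr) tuples.

    kind is "unknown_source" the first time a short address outside the
    commissioned allowlist is seen, and "flood" the first time a source
    exceeds max_per_window frames inside any window_s-second sliding
    window. Frames must be supplied in timestamp order.
    """
    alerts = []
    recent = defaultdict(deque)  # short_addr -> timestamps still inside the window
    flagged_flood = set()
    seen_unknown = set()
    for ts, src in frames:
        if src not in known and src not in seen_unknown:
            seen_unknown.add(src)
            alerts.append((ts, "unknown_source", src))
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) > max_per_window and src not in flagged_flood:
            flagged_flood.add(src)
            alerts.append((ts, "flood", src))
    return alerts


if __name__ == "__main__":
    for ts, kind, src in detect_anomalies(SAMPLE_FRAMES):
        print(f"t={ts:.3f}s {kind:15s} source=0x{src:04X}")
```

Against the constructed sample this raises one "unknown_source" alert when 0xBEEF first appears and one "flood" alert once that address passes 20 frames within a second; the two commissioned devices stay quiet. In a real deployment the allowlist would be populated from the coordinator's device table at commissioning time.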