CVE-2023-4346
KNX Association · KNX Protocol Connection Authorization
The KNX Protocol Connection Authorization Option 1 contains an overly restrictive account lockout mechanism vulnerability that is currently being exploited in the wild.
Executive summary
This vulnerability in the KNX Protocol Connection Authorization mechanism is confirmed to be actively exploited in the wild, posing a severe risk to system availability.
Vulnerability
This vulnerability involves an overly restrictive account lockout mechanism (CWE-645) that permits an unauthenticated remote attacker to cause a denial of service. The flaw allows for the disruption of service availability through the manipulation of connection authorization processes.
Business impact
With a CVSS score of 9.5, this vulnerability represents a critical threat to business operations. Successful exploitation results in the loss of system availability, which can halt industrial processes or critical infrastructure management relying on the KNX protocol. The inclusion of this CVE in the CISA Known Exploited Vulnerabilities (KEV) catalog elevates the urgency for immediate remediation.
Remediation
Immediate Action: Apply all vendor-recommended updates or mitigations immediately. Given the active exploitation status, prioritize this task above standard maintenance cycles.
Proactive Monitoring: Monitor network traffic for unusual spikes in connection attempts or repeated failed authentication patterns that may indicate an active denial of service attack.
Compensating Controls: Implement strict network segmentation and firewall rules to limit access to the KNX interface to only authorized, trusted internal systems.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The critical nature of this vulnerability, combined with its status as an actively exploited flaw in the CISA KEV catalog, requires immediate attention. Security teams must verify their exposure to the KNX protocol and apply the necessary vendor mitigations without delay to prevent service disruption.