CVE-2023-4346

KNX Association · KNX Protocol Connection Authorization

The KNX Protocol Connection Authorization Option 1 contains an overly restrictive account lockout mechanism vulnerability that is currently being exploited in the wild.

Executive summary

This vulnerability in the KNX Protocol Connection Authorization mechanism is confirmed to be actively exploited in the wild, posing a severe risk to system availability.

Vulnerability

This vulnerability involves an overly restrictive account lockout mechanism (CWE-645) that permits an unauthenticated remote attacker to cause a denial of service. The flaw allows for the disruption of service availability through the manipulation of connection authorization processes.

Business impact

With a CVSS score of 9.5, this vulnerability represents a critical threat to business operations. Successful exploitation results in the loss of system availability, which can halt industrial processes or critical infrastructure management relying on the KNX protocol. The inclusion of this CVE in the CISA Known Exploited Vulnerabilities (KEV) catalog elevates the urgency for immediate remediation.

Remediation

Immediate Action: Apply all vendor-recommended updates or mitigations immediately. Given the active exploitation status, prioritize this task above standard maintenance cycles.

Proactive Monitoring: Monitor network traffic for unusual spikes in connection attempts or repeated failed authentication patterns that may indicate an active denial of service attack.

Compensating Controls: Implement strict network segmentation and firewall rules to limit access to the KNX interface to only authorized, trusted internal systems.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The critical nature of this vulnerability, combined with its status as an actively exploited flaw in the CISA KEV catalog, requires immediate attention. Security teams must verify their exposure to the KNX protocol and apply the necessary vendor mitigations without delay to prevent service disruption.