CVE Details

CVE-2023-4346 KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability
Published: 2026-07-15 CVSS: 7.5 HIGH Product: KNX Association KNX Protocol Connection Authorization Option 1 Due Date: 2026-07-29

KNX Association KNX Protocol Connection Authorization Option 1 contains an overly restrictive account lockout mechanism vulnerability that could allow an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

No GitHub PoC data.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 7.5
  • Severity: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

  • Exploitation: none
  • Automatable: yes
  • Technical Impact: partial

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.1
cveMetadata > cveId CVE-2023-4346
cveMetadata > assignerOrgId 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName icscert
cveMetadata > dateReserved 2023-08-14T22:14:58.101Z
cveMetadata > datePublished 2023-08-29T19:38:55.399Z
cveMetadata > dateUpdated 2024-10-01T20:32:28.522Z
containers > cna > affected > 0 > defaultStatus unaffected
containers > cna > affected > 0 > product KNX Protocol Connection Authorization Option 1
containers > cna > affected > 0 > vendor KNX Association
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 0 > versions > 0 > version 0
containers > cna > credits > 0 > lang en
containers > cna > credits > 0 > type reporter
containers > cna > credits > 0 > user 00000000-0000-4000-9000-000000000000
containers > cna > credits > 0 > value Felix Eberstaller
containers > cna > credits > 1 > lang en
containers > cna > credits > 1 > type finder
containers > cna > credits > 1 > user 00000000-0000-4000-9000-000000000000
containers > cna > credits > 1 > value Limes Security
containers > cna > datePublic 2023-08-24T16:00:00.000Z
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > supportingMedia > 0 > base64 False
containers > cna > descriptions > 0 > supportingMedia > 0 > type text/html
containers > cna > descriptions > 0 > supportingMedia > 0 > value <span style="background-color: rgb(255, 255, 255);">KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way. </span>
containers > cna > descriptions > 0 > value KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way.
containers > cna > metrics > 0 > cvssV3_1 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV3_1 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV3_1 > availabilityImpact HIGH
containers > cna > metrics > 0 > cvssV3_1 > baseScore 7.5
containers > cna > metrics > 0 > cvssV3_1 > baseSeverity HIGH
containers > cna > metrics > 0 > cvssV3_1 > confidentialityImpact NONE
containers > cna > metrics > 0 > cvssV3_1 > integrityImpact NONE
containers > cna > metrics > 0 > cvssV3_1 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV3_1 > scope UNCHANGED
containers > cna > metrics > 0 > cvssV3_1 > userInteraction NONE
containers > cna > metrics > 0 > cvssV3_1 > vectorString CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
containers > cna > metrics > 0 > cvssV3_1 > version 3.1
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-645
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-645 Overly Restrictive Account Lockout Mechanism
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > providerMetadata > orgId 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
containers > cna > providerMetadata > shortName icscert
containers > cna > providerMetadata > dateUpdated 2023-08-29T19:38:55.399Z
containers > cna > references > 0 > tags > 0 government-resource
containers > cna > references > 0 > url https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01
containers > cna > source > discovery UNKNOWN
containers > cna > workarounds > 0 > lang en
containers > cna > workarounds > 0 > supportingMedia > 0 > base64 False
containers > cna > workarounds > 0 > supportingMedia > 0 > type text/html
containers > cna > workarounds > 0 > supportingMedia > 0 > value <span style="background-color: rgb(255, 255, 255);">The KNX Association recommends users always set the BCU Key in every KNX Project that is already finished and will be commissioned in the future. Handover the BCU Key as part of the Project Documentation to the Building Owner. </span> <br>
containers > cna > workarounds > 0 > value The KNX Association recommends users always set the BCU Key in every KNX Project that is already finished and will be commissioned in the future. Handover the BCU Key as part of the Project Documentation to the Building Owner.
containers > cna > x_generator > engine Vulnogram 0.1.0-dev
containers > adp > 0 > providerMetadata > orgId af854a3a-2127-422b-91ae-364da2661108
containers > adp > 0 > providerMetadata > shortName CVE
containers > adp > 0 > providerMetadata > dateUpdated 2024-08-02T07:24:04.770Z
containers > adp > 0 > title CVE Program Container
containers > adp > 0 > references > 0 > tags > 0 government-resource
containers > adp > 0 > references > 0 > tags > 1 x_transferred
containers > adp > 0 > references > 0 > url https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01
containers > adp > 1 > metrics > 0 > other > type ssvc
containers > adp > 1 > metrics > 0 > other > content > timestamp 2024-10-01T20:32:19.712035Z
containers > adp > 1 > metrics > 0 > other > content > id CVE-2023-4346
containers > adp > 1 > metrics > 0 > other > content > options > 0 > Exploitation none
containers > adp > 1 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 1 > metrics > 0 > other > content > options > 2 > Technical Impact partial
containers > adp > 1 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 1 > metrics > 0 > other > content > version 2.0.3
containers > adp > 1 > title CISA ADP Vulnrichment
containers > adp > 1 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 1 > providerMetadata > shortName CISA-ADP
containers > adp > 1 > providerMetadata > dateUpdated 2024-10-01T20:32:28.522Z