CVE Details
CVE-2023-4346
KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability
Published: 2026-07-15
CVSS: 7.5 HIGH
Product: KNX Association KNX Protocol Connection Authorization Option 1
Due Date: 2026-07-29
KNX Association KNX Protocol Connection Authorization Option 1 contains an overly restrictive account lockout mechanism vulnerability that could allow an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device.
GitHub PoC
Warning: GitHub PoC repositories are unverified. Some may be fake
or contain malware. Use caution and review code before running anything.
No GitHub PoC data.
FIRST EPSS
EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.
Timeline
CVE Stalker
KEV
MITRE
GitHub
FIRST (EPSS)
MITRE
CVSS
SSVC
References
Show Raw Data
| Key | Remaining Key | Value |
|---|---|---|
| dataType | CVE_RECORD | |
| dataVersion | 5.1 | |
| cveMetadata > | cveId | CVE-2023-4346 |
| cveMetadata > | assignerOrgId | 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 |
| cveMetadata > | state | PUBLISHED |
| cveMetadata > | assignerShortName | icscert |
| cveMetadata > | dateReserved | 2023-08-14T22:14:58.101Z |
| cveMetadata > | datePublished | 2023-08-29T19:38:55.399Z |
| cveMetadata > | dateUpdated | 2024-10-01T20:32:28.522Z |
| containers > | cna > affected > 0 > defaultStatus | unaffected |
| containers > | cna > affected > 0 > product | KNX Protocol Connection Authorization Option 1 |
| containers > | cna > affected > 0 > vendor | KNX Association |
| containers > | cna > affected > 0 > versions > 0 > status | affected |
| containers > | cna > affected > 0 > versions > 0 > version | 0 |
| containers > | cna > credits > 0 > lang | en |
| containers > | cna > credits > 0 > type | reporter |
| containers > | cna > credits > 0 > user | 00000000-0000-4000-9000-000000000000 |
| containers > | cna > credits > 0 > value | Felix Eberstaller |
| containers > | cna > credits > 1 > lang | en |
| containers > | cna > credits > 1 > type | finder |
| containers > | cna > credits > 1 > user | 00000000-0000-4000-9000-000000000000 |
| containers > | cna > credits > 1 > value | Limes Security |
| containers > | cna > datePublic | 2023-08-24T16:00:00.000Z |
| containers > | cna > descriptions > 0 > lang | en |
| containers > | cna > descriptions > 0 > supportingMedia > 0 > base64 | False |
| containers > | cna > descriptions > 0 > supportingMedia > 0 > type | text/html |
| containers > | cna > descriptions > 0 > supportingMedia > 0 > value | <span style="background-color: rgb(255, 255, 255);">KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way. </span> |
| containers > | cna > descriptions > 0 > value | KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way. |
| containers > | cna > metrics > 0 > cvssV3_1 > attackComplexity | LOW |
| containers > | cna > metrics > 0 > cvssV3_1 > attackVector | NETWORK |
| containers > | cna > metrics > 0 > cvssV3_1 > availabilityImpact | HIGH |
| containers > | cna > metrics > 0 > cvssV3_1 > baseScore | 7.5 |
| containers > | cna > metrics > 0 > cvssV3_1 > baseSeverity | HIGH |
| containers > | cna > metrics > 0 > cvssV3_1 > confidentialityImpact | NONE |
| containers > | cna > metrics > 0 > cvssV3_1 > integrityImpact | NONE |
| containers > | cna > metrics > 0 > cvssV3_1 > privilegesRequired | NONE |
| containers > | cna > metrics > 0 > cvssV3_1 > scope | UNCHANGED |
| containers > | cna > metrics > 0 > cvssV3_1 > userInteraction | NONE |
| containers > | cna > metrics > 0 > cvssV3_1 > vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| containers > | cna > metrics > 0 > cvssV3_1 > version | 3.1 |
| containers > | cna > metrics > 0 > format | CVSS |
| containers > | cna > metrics > 0 > scenarios > 0 > lang | en |
| containers > | cna > metrics > 0 > scenarios > 0 > value | GENERAL |
| containers > | cna > problemTypes > 0 > descriptions > 0 > cweId | CWE-645 |
| containers > | cna > problemTypes > 0 > descriptions > 0 > description | CWE-645 Overly Restrictive Account Lockout Mechanism |
| containers > | cna > problemTypes > 0 > descriptions > 0 > lang | en |
| containers > | cna > problemTypes > 0 > descriptions > 0 > type | CWE |
| containers > | cna > providerMetadata > orgId | 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 |
| containers > | cna > providerMetadata > shortName | icscert |
| containers > | cna > providerMetadata > dateUpdated | 2023-08-29T19:38:55.399Z |
| containers > | cna > references > 0 > tags > 0 | government-resource |
| containers > | cna > references > 0 > url | https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01 |
| containers > | cna > source > discovery | UNKNOWN |
| containers > | cna > workarounds > 0 > lang | en |
| containers > | cna > workarounds > 0 > supportingMedia > 0 > base64 | False |
| containers > | cna > workarounds > 0 > supportingMedia > 0 > type | text/html |
| containers > | cna > workarounds > 0 > supportingMedia > 0 > value | <span style="background-color: rgb(255, 255, 255);">The KNX Association recommends users always set the BCU Key in every KNX Project that is already finished and will be commissioned in the future. Handover the BCU Key as part of the Project Documentation to the Building Owner. </span> <br> |
| containers > | cna > workarounds > 0 > value | The KNX Association recommends users always set the BCU Key in every KNX Project that is already finished and will be commissioned in the future. Handover the BCU Key as part of the Project Documentation to the Building Owner. |
| containers > | cna > x_generator > engine | Vulnogram 0.1.0-dev |
| containers > | adp > 0 > providerMetadata > orgId | af854a3a-2127-422b-91ae-364da2661108 |
| containers > | adp > 0 > providerMetadata > shortName | CVE |
| containers > | adp > 0 > providerMetadata > dateUpdated | 2024-08-02T07:24:04.770Z |
| containers > | adp > 0 > title | CVE Program Container |
| containers > | adp > 0 > references > 0 > tags > 0 | government-resource |
| containers > | adp > 0 > references > 0 > tags > 1 | x_transferred |
| containers > | adp > 0 > references > 0 > url | https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01 |
| containers > | adp > 1 > metrics > 0 > other > type | ssvc |
| containers > | adp > 1 > metrics > 0 > other > content > timestamp | 2024-10-01T20:32:19.712035Z |
| containers > | adp > 1 > metrics > 0 > other > content > id | CVE-2023-4346 |
| containers > | adp > 1 > metrics > 0 > other > content > options > 0 > Exploitation | none |
| containers > | adp > 1 > metrics > 0 > other > content > options > 1 > Automatable | yes |
| containers > | adp > 1 > metrics > 0 > other > content > options > 2 > Technical Impact | partial |
| containers > | adp > 1 > metrics > 0 > other > content > role | CISA Coordinator |
| containers > | adp > 1 > metrics > 0 > other > content > version | 2.0.3 |
| containers > | adp > 1 > title | CISA ADP Vulnrichment |
| containers > | adp > 1 > providerMetadata > orgId | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| containers > | adp > 1 > providerMetadata > shortName | CISA-ADP |
| containers > | adp > 1 > providerMetadata > dateUpdated | 2024-10-01T20:32:28.522Z |