PT-2022-10664 · Mdt · Mdt Knx Ip Interface Scn-Ip000.03+1

Published: 2022-04-02 · Updated: 2022-05-03 · CVE-2021-37740

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MDT KNXnet/IP Secure router SCN-IP100.03 versions prior to 3.0.4
MDT KNX IP interface SCN-IP000.03 versions prior to 3.0.4

Description

A denial of service issue exists in the firmware of the affected devices, allowing a remote attacker to make the device unresponsive to all requests on the KNXnet/IP Secure layer until it is rebooted. This is achieved via a SESSION REQUEST frame with a modified total length field.

Recommendations

For MDT KNXnet/IP Secure router SCN-IP100.03 versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. For MDT KNX IP interface SCN-IP000.03 versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the SESSION REQUEST frame to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2021-37740

Affected Products

Mdt Knx Ip Interface Scn-Ip000.03
Mdt Knxnet/Ip Secure Router Scn-Ip100.03