PT-2023-28831 · Unknown · Knx Devices

Felix Eberstaller +1 · Published 2023-08-29 · Updated 2023-09-11 · CVE-2023-4346

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

KNX devices (affected versions not specified)

Description

The issue affects KNX devices that use KNX Connection Authorization and support Option 1. Depending on the implementation, these devices are vulnerable to being locked, and users may be unable to reset them to gain access. The BCU key feature can be used to create a password, but this password often cannot be reset without entering the current password. An attacker with network access or physical access to the device could exploit this issue by interfacing with the KNX installation, purging devices without additional security options, and setting a BCU key to lock the device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2023-4346

Affected Products

Knx Devices