CVE-2024-4009

Name of the Vulnerable Software and Affected Versions ABB Display versions 1.00 BCU version 1.3.0.33 ABB Display 55, Display 63, Display 70, RoomTouch 4 (affected versions not specified)

Description The issue allows an attacker to capture and replay KNX telegrams to the local KNX Bus-System, potentially bypassing authentication procedures. This could enable an attacker to elevate their privileges. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.

Recommendations For ABB Display version 1.00, update to a version that fixes the replay attack issue. For BCU version 1.3.0.33, update to a version that fixes the replay attack issue. For ABB Display 55, Display 63, Display 70, RoomTouch 4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.