CVE-2024-4008

Name of the Vulnerable Software and Affected Versions: ABB Display versions 1.00 BCU version 1.3.0.33 ABB Display 55 (affected versions not specified) ABB Display 63 (affected versions not specified) ABB Display 70 (affected versions not specified) RoomTouch 4 (affected versions not specified)

Description: The issue is related to a lack of protection for service data in the KNX Bus-System component of the affected devices' firmware. This allows an attacker to gain control over the devices via access to the local KNX Bus-System. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: For ABB Display version 1.00, update to a version that fixes the FDSK Leak issue. For BCU version 1.3.0.33, update to a version that fixes the FDSK Leak issue. For ABB Display 55, ABB Display 63, ABB Display 70, and RoomTouch 4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.