Advertisement
Security

CISA Adds Actively Exploited KNX Protocol Flaw to KEV Catalog

A critical account lockout vulnerability in KNX Association products is now under active exploitation, requiring immediate remediation by federal agencies.

··1 hour ago·1 min read
red and black love lock
Photo by FlyD on Unsplash
Advertisement

CISA has added CVE-2023-4346, an overly restrictive account lockout vulnerability within the KNX Association KNX Protocol Connection Authorization Option 1, to its Known Exploited Vulnerabilities catalog. This flaw allows an attacker to purge all devices lacking additional security configurations and set a Bus Coupling Unit (BCU) key to lock the affected hardware.

The vulnerability, classified under CWE-645, is confirmed to be under active, real-world exploitation. Federal agencies are required to apply vendor-provided mitigations by July 29, 2026, in accordance with BOD 26-04. Stakeholders must evaluate the internet exposure of their assets and ensure compliance with CISA's forensic triage and patching requirements.

#cve-2023-4346#knx#cisa#vulnerability

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement