Advertisement
Security

CISA Adds KNX Protocol Connection Authorization Flaw to KEV Catalog

A critical account lockout vulnerability in the KNX Protocol Connection Authorization Option 1 is currently being exploited in the wild.

··1 hour ago·1 min read
padlock on laptop with light trails
Photo by FlyD on Unsplash
Advertisement

CISA has added CVE-2023-4346, a vulnerability in the KNX Association KNX Protocol Connection Authorization Option 1, to its Known Exploited Vulnerabilities catalog. The flaw, identified as an overly restrictive account lockout mechanism (CWE-645), could allow an attacker to purge all devices lacking additional security options and lock them by setting a BCU key.

The vulnerability is confirmed to be under active exploitation. Federal agencies are required to apply vendor-provided mitigations by July 29, 2026, in accordance with BOD 26-04. Stakeholders are advised to evaluate their internet-exposed assets and ensure compliance with CISA's forensic triage and patching guidelines.

#cve-2023-4346#knx#cisa#vulnerability#kev

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement