CISA Adds KNX Protocol Connection Authorization Flaw to KEV Catalog
A critical account lockout vulnerability in the KNX Protocol Connection Authorization Option 1 is currently being exploited in the wild.
CISA has added CVE-2023-4346, a vulnerability in the KNX Association KNX Protocol Connection Authorization Option 1, to its Known Exploited Vulnerabilities catalog. The flaw, identified as an overly restrictive account lockout mechanism (CWE-645), could allow an attacker to purge all devices lacking additional security options and lock them by setting a BCU key.
The vulnerability is confirmed to be under active exploitation. Federal agencies are required to apply vendor-provided mitigations by July 29, 2026, in accordance with BOD 26-04. Stakeholders are advised to evaluate their internet-exposed assets and ensure compliance with CISA's forensic triage and patching guidelines.
Continue Reading
Critical Remote Code Execution Flaw Discovered in SetParameter Command
A critical vulnerability identified as CVE-2023-49900 allows unauthenticated remote attackers to execute arbitrary code due to improper input sanitization.
CISA Adds Actively Exploited Oracle E-Business Suite Flaw to KEV
An improper privilege management vulnerability in Oracle E-Business Suite is currently being exploited in the wild, risking full takeover of Oracle Payments.
AI Data Centers Need New Security Rules
Rapid expansion of AI-specific infrastructure is outpacing security protocols, leaving massive compute clusters vulnerable to risk.