CVE-2023-4346

7.5 HIGH

📋 TL;DR

KNX devices with Connection Authorization Option 1 are vulnerable to permanent lockout attacks. An attacker with network or physical access can purge devices and set a BCU key password, preventing legitimate users from accessing or resetting the device. This affects KNX building automation systems used in smart buildings.

💻 Affected Systems

Products:
  • KNX devices with Connection Authorization supporting Option 1
Versions: All versions implementing the vulnerable BCU key feature
Operating Systems: Embedded systems in KNX devices
Default Config Vulnerable: ⚠️ Yes
Notes: Devices must have Connection Authorization Option 1 enabled and lack additional security options. Both network-connected and physically accessible devices are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for building automation systems: lighting, HVAC, security, and other KNX-controlled systems become permanently inaccessible, requiring physical device replacement.

🟠 Likely Case

Targeted lockout of critical building systems, causing operational disruption and requiring physical intervention to restore functionality.

🟢 If Mitigated

Minimal impact if devices are properly segmented and additional security options are enabled, preventing unauthorized access.

🌐 Internet-Facing: MEDIUM - Only if KNX devices are directly exposed to the internet, which is poor practice but sometimes occurs in misconfigured systems.
🏢 Internal Only: HIGH - Attackers on the local network can exploit this vulnerability to lock devices, and physical access also enables exploitation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network or physical access but no authentication. The attack sequence is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-01

Restart Required: No

Instructions:

No firmware patch available. Follow the CISA advisory recommendations:
  1. Enable additional security options beyond Option 1.
  2. Implement network segmentation.
  3. Restrict physical access to KNX devices.

🔧 Temporary Workarounds

Enable Additional Security Options

Configure KNX devices to use security options beyond Connection Authorization Option 1, such as device authentication or encryption.

Network Segmentation

Isolate KNX networks from general corporate networks using VLANs or physical separation.

🧯 If You Can't Patch

  • Implement strict physical access controls to KNX device locations
  • Monitor KNX network traffic for unauthorized purge or BCU key setting attempts

🔍 How to Verify

Check if Vulnerable:

Check if KNX devices are configured with Connection Authorization Option 1 without additional security options enabled. Review device configuration via KNX engineering tools.

Check Version:

Use KNX device manufacturer tools to check device configuration and security settings.

Verify Fix Applied:

Verify that additional security options are enabled and devices are not using only Option 1. Confirm network segmentation is in place.

📡 Detection & Monitoring

Log Indicators:

  • KNX device purge events
  • BCU key setting attempts from unauthorized sources
  • Connection authorization failures

Network Indicators:

  • KNX network traffic from unauthorized IP addresses
  • Purge commands on KNX network
  • BCU key setting commands

SIEM Query:

source="knx_device" AND (event_type="purge" OR event_type="bcu_key_set")
