CVE-2024-13967
📋 TL;DR
This vulnerability allows attackers to bypass authentication and access the configuration web page of EIBPORT devices without proper credentials. It affects EIBPORT V3 KNX and EIBPORT V3 KNX GSM devices running firmware versions up to 3.9.8.
💻 Affected Systems
- EIBPORT V3 KNX
- EIBPORT V3 KNX GSM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full administrative control over the KNX building automation system, potentially manipulating lighting, HVAC, security systems, or causing physical damage.
Likely Case
Attacker modifies device configurations, disrupts building operations, or uses the device as an entry point to the internal network.
If Mitigated
Limited impact if device is isolated from critical systems and monitored for unauthorized configuration changes.
🎯 Exploit Status
Authentication bypass vulnerabilities typically require minimal technical skill to exploit once details are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version after 3.9.8
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A1621&LanguageCode=en&DocumentPartId=pdf&Action=Launch
Restart Required: Yes
Instructions:
1. Download latest firmware from ABB website. 2. Access device web interface. 3. Navigate to firmware update section. 4. Upload new firmware file. 5. Wait for automatic restart.
🔧 Temporary Workarounds
Disable web interface
allDisable the integrated web server if remote configuration is not required.
Network segmentation
allIsolate EIBPORT devices on separate VLAN with strict firewall rules.
🧯 If You Can't Patch
- Implement strict network access controls to limit connections to EIBPORT devices
- Monitor device logs for unauthorized configuration changes and failed authentication attempts
🔍 How to Verify
Check if Vulnerable:
Check firmware version in web interface. If version is 3.9.8 or earlier, device is vulnerable.Check Version:
Access device web interface and navigate to System Information or About page.Verify Fix Applied:
Verify firmware version is updated to version after 3.9.8 and test authentication bypass attempts fail.📡 Detection & Monitoring
Log Indicators:
- Unauthorized access to configuration pages
- Multiple failed login attempts followed by successful access
- Configuration changes from unexpected IP addresses
Network Indicators:
- HTTP requests to configuration URLs without authentication headers
- Traffic to EIBPORT web interface from external IPs
SIEM Query:
source="eibport" AND (event="config_change" OR url="*/config*" OR status=200) AND NOT user="admin"