CVE-2024-4008
📋 TL;DR
This vulnerability allows attackers to gain unauthorized access to the local KNX bus system in ABB, Busch-Jaeger, and FTS building automation devices. Attackers can take control of affected devices, potentially manipulating building systems like lighting, HVAC, or security. Organizations using these specific versions of FTS Display and BCU devices are affected.
💻 Affected Systems
- ABB FTS Display
- Busch-Jaeger FTS Display
- FTS Display
- BCU (Bus Coupling Unit)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of building automation systems allowing attackers to manipulate critical infrastructure, disable security systems, cause physical damage, or create unsafe conditions.
Likely Case
Unauthorized control of building systems leading to operational disruption, data leakage from building automation networks, or manipulation of environmental controls.
If Mitigated
Limited impact if devices are isolated from other networks and access to KNX bus is physically secured.
🎯 Exploit Status
Exploitation requires access to the local KNX bus system but no authentication once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Review vendor advisory for specific patched firmware versions. 2. Download appropriate firmware from vendor portal. 3. Apply firmware update following vendor documentation. 4. Restart affected devices. 5. Verify successful update.
🔧 Temporary Workarounds
Network Segmentation
allIsolate KNX bus systems from other networks to prevent lateral movement
Physical Access Control
allRestrict physical access to KNX bus wiring and devices
🧯 If You Can't Patch
- Segment KNX network completely from IT networks using firewalls with strict rules
- Implement physical security controls to prevent unauthorized access to KNX bus wiring
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via device web interface or KNX configuration tools. Compare against vulnerable versions: FTS Display 1.00 or BCU 1.3.0.33.Check Version:
Device-specific - typically via web interface or KNX configuration software like ETSVerify Fix Applied:
Verify firmware version has been updated to vendor-recommended patched version. Test KNX bus communication to ensure normal operation.📡 Detection & Monitoring
Log Indicators:
- Unauthorized KNX bus access attempts
- Unexpected KNX telegrams from unknown sources
- Device configuration changes without authorization
Network Indicators:
- Unusual KNX bus traffic patterns
- KNX telegrams from unauthorized addresses
- Multiple failed KNX authentication attempts
SIEM Query:
Search for KNX protocol anomalies, unauthorized device communications, or configuration changes on building automation systems