EIBPORT Session Management Fail
Status: Plan Patch
CVSS: 8.8
Vendor advisory ID: 9akk108471a1621
Published: Jun 2, 2025
ABB
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
ABB EIBPORT V3 KNX contains a session management vulnerability (CWE-384) that allows an attacker with network access to bypass authentication, read sensitive information stored on the device, and modify its configuration. Affected versions are 3.9.8 and earlier. The vulnerability requires user interaction for exploitation.
What this means
What could happen
An attacker could read sensitive information stored on the EIBPORT device and modify its configuration, potentially disrupting KNX home/building automation functions or exposing credentials used to manage the system.
Who's at risk
Building automation and home automation operators using ABB EIBPORT V3 KNX devices for gateway/routing functions should prioritize patching. This affects facilities that rely on KNX protocol for HVAC, lighting, or access control integration.
How it could be exploited
An attacker with network access to the EIBPORT device can exploit a session management flaw to bypass authentication controls. The attacker can then access sensitive data and alter device configuration without proper credentials.
Prerequisites
- Network access to the EIBPORT device
- User interaction required (as indicated by UI:R in CVSS vector)
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (2)
2 with fix
Product            | Affected Versions | Fix Status
EIBPORT V3 KNX     | ≤ 3.9.8           | 3.9.9
EIBPORT V3 KNX GSM | ≤ 3.9.8           | 3.9.9
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the EIBPORT device to trusted management networks only, using firewall rules.
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
EIBPORT V3 KNX
HOTFIX: Update EIBPORT V3 KNX firmware to version 3.9.9 or later.
Long-term hardening
HARDENING: Segment EIBPORT devices from untrusted network segments (guest networks, external contractors, internet access).
CVEs (1)