EIBPORT Reflected XSS

Plan Patch89akk108471a7808Oct 7, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionRequired

Summary

EIBPORT V3 KNX products contain a reflected cross-site scripting (XSS) vulnerability (CWE-79) in versions prior to 3.9.2. An attacker who successfully exploits this vulnerability could access sensitive information stored inside the device and change its configuration.

What this means

What could happen

An attacker could read sensitive configuration data from your KNX gateway and modify its settings, potentially disrupting building automation functions like lighting, HVAC, or energy management.

Who's at risk

Building automation operators and facility managers at organizations using ABB EIBPORT V3 KNX gateways for lighting control, HVAC coordination, or energy management in commercial buildings. Affects three product variants: standard EIBPORT V3 KNX, and the GSM-enabled variant.

How it could be exploited

An attacker crafts a malicious URL containing JavaScript code and tricks an authenticated user (with valid credentials) into clicking it via email or a web link. When the user's browser loads the EIBPORT web interface with the malicious URL, the unfiltered input is reflected back in the response and executed in the user's browser context, allowing the attacker to read device configuration or issue commands to change settings.

Prerequisites

Network access to the EIBPORT web management interface (typically TCP port 80/443)
Valid authenticated user credentials to log into the EIBPORT management portal
User interaction required - an authenticated user must click a malicious link or be tricked into visiting a crafted URL

remotely exploitablerequires user interactionaffects configuration of critical building automation infrastructurerequires valid credentials

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

EIBPORT V3 KNX (2CLA963710W1001)<3.9.23.9.2

EIBPORT V3 KNX (2CSM256242R2001)<3.9.23.9.2

EIBPORT V3 KNX GSM (2CLA963720W1001)<3.9.23.9.2

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to the EIBPORT web management interface - use firewall rules to limit access to trusted engineering and administrative workstations only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EIBPORT V3 KNX firmware to version 3.9.2 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate EIBPORT management traffic from general building network traffic

CVEs (1)

CVE-2021-22291

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a9cf7d69-e20d-483a-b9d5-90c0122498c9