OTPulse

KNX Protocol

Monitor · CVSS 7.5 · ICS-CERT ICSA-23-236-01 · Aug 24, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

KNX devices using Connection Authorization Option 1 Style without a BCU Key set can be exploited by attackers with network access to lock out legitimate users. Once access is restricted, there is no built-in recovery mechanism to restore user access to the device. This affects all versions of susceptible KNX devices, and no firmware patch is available from the vendor. The vulnerability has been observed in active exploitation. The only protective measure is to set a BCU Key during project configuration before deployment and to isolate KNX networks from Internet and untrusted network access.

What this means
What could happen
An attacker who gains access to a KNX device without a BCU Key set can lock out legitimate users from that device with no built-in recovery method, potentially disrupting building automation and control functions.
Who's at risk
Building automation integrators, installers, facility managers, and building owners who deploy KNX-based control systems are affected. This includes anyone managing smart building infrastructure, climate control systems, lighting automation, or occupancy-based building controls that rely on KNX devices.
How it could be exploited
An attacker with network access to a KNX device configured with Connection Authorization Option 1 Style and no BCU Key can authenticate and change the device settings to deny legitimate access. This locks out administrators and operators from the device without a straightforward reset procedure.
Prerequisites
  • Network access to the KNX device
  • KNX device using Connection Authorization Option 1 Style
  • No BCU Key currently set on the target device
Remotely exploitable · No authentication required when BCU Key not set · Low attack complexity · No patch available · Actively exploited in the wild · Affects building automation and control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
KNX devices using Connection Authorization Option 1 Style in which no BCU Key is currently set | * (All versions) | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Set the BCU Key in every KNX project before commissioning, and include the BCU Key in the project documentation handed over to the building owner
HARDENING: Isolate KNX networks behind firewalls and ensure they are not reachable from the Internet or business networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Review and follow the KNX Secure Checklist to implement recommended IT security guidelines for KNX deployments
HARDENING: If remote access to KNX devices is required, enforce it only through secure VPN connections and keep VPN software updated
KNX Protocol | CVSS 7.5 - OTPulse