CVE-2023-4346

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Aug 29, 2023
Updated: Sep 11, 2023
CWE ID 645

Summary

CVE-2023-4346 affects certain KNX devices that use KNX Connection Authorization and Option 1. If such a device is not properly secured, it can be locked and rendered inaccessible to its users. The BCU key feature is intended to protect device access with a password, but an attacker can instead use it to set a new password that cannot be reset without the current password. An attacker with network access or physical access to the device can exploit this vulnerability, potentially locking all devices in the KNX installation.
