Skip to content
feed: live
>_ 0dayNews
CVE Record
[ MEDIUM ] CVE-2023-4346

KNX Connection Authorization Option 1 account-lockout misuse

The account-lockout mechanism in the KNX Association's Connection Authorization Option 1 lets an unauthenticated attacker on a KNX segment purge devices and set a BCU key that locks legitimate operators out. Added to CISA KEV 2026-07-15.

cat cve-2023-4346.json
Vendor
KNX Association
Product
KNX Protocol (Connection Authorization Option 1)
CVSS
N/A
EPSS (exploit probability)
N/A
Status
kev
Published

CVE-2023-4346 is an overly restrictive account-lockout mechanism (CWE-645) in the KNX Association’s Connection Authorization Option 1 scheme, the basic security profile for the KNX building-automation bus. An attacker able to speak KNX on the same segment as target devices — reachable through a KNXnet/IP gateway on a routable network, a compromised building-management workstation, or RF proximity for KNX RF — can trigger the lockout on every device on the segment without any authentication, then set a Bus Coupling Unit (BCU) key of their choice that legitimate operators cannot easily reverse. The result is a persistent denial-of-service across a KNX installation: lights, HVAC, blinds, access control, or whichever subsystem the bus carries.

Enabling the extended security options provided by the KNX standard (Connection Authorization Option 2 and KNX Secure) mitigates the flaw; the CISA advisory scopes the impact specifically to installations that have left those options disabled, which remains the shipped default for the majority of installed KNX segments.

CISA published ICSA-23-236-01 on 24 August 2023 and added CVE-2023-4346 to the Known Exploited Vulnerabilities catalog on 15 July 2026, bringing it under BOD 26-04 remediation timelines for federal civilian executive branch agencies. The NVD entry carries the CVE record.

See the article KNX account-lockout flaw added to CISA KEV, three years on for the full write-up.