CVE-2023-4346 KNX Protocol Connection Authorization Option 1 Account Lockout Vulnerability
KNX Association KNX Protocol Connection Authorization Option 1 contains an overly restrictive account lockout mechanism vulnerability that could allow an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device.
Quick answer
KNX Association KNX Protocol Connection Authorization Option 1 should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- KNX devices using Connection Authorization Option 1 without additional security options
- -
Fixed versions
- Apply vendor and CISA mitigations or discontinue exposed unsupported use
How to fix it
KNX Protocol Connection Authorization Option 1 is affected by this security issue. Follow the vendor or CISA mitigation guidance, reduce exposure, and retest after the change.
- Check every place where KNX Protocol Connection Authorization Option 1 is installed, enabled, or exposed.
- Apply vendor and CISA mitigations or discontinue exposed unsupported use
- Restrict access to trusted users, trusted networks, VPN, or an allowlist until the risk is closed.
- Disable the affected feature, plugin, endpoint, workflow, or exposed service if it is not needed.
- Review logs for unusual access, failed actions, account changes, file writes, or security errors.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm the installed version or configuration is no longer in the affected range.
- Retest the affected page, API, plugin, workflow, or network path.
- Check logs after the change for blocked attempts, crashes, or errors.
- Run a fresh Fixnx scan and save the report.
Related categories
Trusted references
FAQ
What is affected by CVE-2023-4346?
KNX Association KNX Protocol Connection Authorization Option 1 versions listed as affected should be reviewed: KNX devices using Connection Authorization Option 1 without additional security options, -.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
How are Fixnx security risk categories chosen?
Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.
