🔴 Critical  |  Source: CISA Known Exploited Vulnerabilities


CVE-2023-4346 affects the KNX building automation protocol, where a flaw in Connection Authorization Option 1 allows an attacker to wipe all devices on a KNX installation and set a BCU key to permanently lock them out — without needing any additional security credentials. This is a known-exploited vulnerability, meaning it has been actively used in real-world attacks. Buildings using KNX-based smart systems for lighting, HVAC, and access control may be at risk of operational disruption or physical security compromise.

Security Architect’s Take: Audit any OT/IoT estate for KNX-connected infrastructure and ensure Connection Authorization Option 1 is not the sole security mechanism in use — enforce higher-tier KNX security options or network-segment KNX devices behind strict firewall rules to prevent unauthorised access from IT or cloud-connected networks.

Original advisory: CVE-2023-4346: KNX Association KNX Protocol Connection Authorization Option 1