Thursday, July 16, 2026

CISA Adds KNX Protocol Vulnerability to KEV Catalog – 7-15-26

Yesterday, CISA announced that it had added an overly restrictive account lockout mechanism vulnerability in the KNX Connection Authorization Protocol to the Known Exploited Vulnerability (KEV) catalog. The KNX Association previously disclosed the vulnerability in August of 2023. The KNX association provides generic set up suggestions to mitigate the vulnerability. 

The vulnerability was originally reported by Felix Eberstaller of Limes Security. The Limes Security Blog reported three campaigns {(2021 & 2023 here) and (2024 here)} exploiting the vulnerability. Limes reported having an unlock tool for affected devices. 

CISA has directed federal agencies using affected devices to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk guidance and CISA’s “Forensics Triage Requirements”. Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. CISA has established a compliance deadline of July 26th, 2026. 

No comments:

 
/* Use this with templates/template-twocol.html */