๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2023-4346: KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability
Summary
KNX Protocol Connection Authorization Option 1 has a vulnerability where its account lockout mechanism (a security feature that blocks access after failed login attempts) is too weak, allowing attackers to delete all devices and lock them without needing other security protections enabled. This vulnerability is currently being exploited in real attacks.
Solution / Mitigation
Apply mitigations according to vendor instructions while following CISA's BOD 26-04 guidance on prioritizing security updates based on risk. If mitigations are unavailable, discontinue use of the product. Organizations must evaluate whether their systems are exposed to the internet and ensure they meet BOD 26-04 patching deadlines (due by 2026-07-29).
Vulnerability Details
EPSS: 0.5%
Yes
๐ฅ Actively Exploited
July 14, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-4346
First tracked: July 15, 2026 at 02:01 PM
Classified by LLM (prompt v3) ยท confidence: 95%