KNX Association · KNX Protocol Connection Authorization Option 1
Updated July 16, 2026
This vulnerability is due to an overly restrictive account lockout mechanism in the KNX Protocol, which can be exploited to purge devices without additional security. The impact is mainly related to device security and access control. It is essential to address this vulnerability to prevent unauthorized access to devices.
If exploited, this vulnerability could allow an attacker to lock devices using a BCU key, leading to loss of access and potential disruption of services. However, the impact is somewhat limited by the requirement for specific conditions to be met.
Update the KNX Protocol Connection Authorization Option 1 to the latest version, which includes fixes for this vulnerability. Review device security settings to ensure additional security options are enabled where necessary.