// Description
ABB has been contacted by a researcher who identified a vulnerability in one of its products. ABB has been contacted by a researcher who identified a vulnerability in one of its products. The vulnerability report has been shared in responsible disclosure.
An attacker who successfully exploited this vulnerability could cause the product to become unusable.
ABB confirms the vulnerability but at the same time acknowledges that the issue affects exclusively classic KNX devices that are not supporting the latest KNX Secure standard. Due to a lack of security in legacy KNX devices, the issue cannot be resolved via a software change. In order to actively exploit this vulnerability, an attacker requires physical access to the bus, the affected device is connected to.
ABB has no plans of corrective measures.