Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
knx vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4346
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the ...
Knx Connection Authorization -
NA
CVE-2023-33276
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the suppl...
Gira Knx Ip Router Firmware 3.1.3683.0
Gira Knx Ip Router Firmware 3.3.8.0
NA
CVE-2023-33277
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote malicious user to read sensitive files via directory-traversal sequences in the URL.
Gira Knx Ip Router Firmware 3.1.3683.0
Gira Knx Ip Router Firmware 3.3.8.0
NA
CVE-2023-25556
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.
Schneider-electric Merten Instabus Tastermodul 1fach System M Firmware 1.0
Schneider-electric Merten Instabus Tastermodul 2fach System M Firmware 1.0
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware 1.0
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware 1.2
Schneider-electric Merten Knx Argus 180\\/2\\,20m Up System Firmware 1.0
Schneider-electric Merten Jalousie-\\/schaltaktor Reg-k\\/8x\\/16x\\/10 M. Hb Firmware 1.0
Schneider-electric Merten Knx Uni-dimmaktor Ll Reg-k\\/2x230\\/300 W Firmware 1.0
Schneider-electric Merten Knx Uni-dimmaktor Ll Reg-k\\/2x230\\/300 W Firmware 1.1
Schneider-electric Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware 0.1
4.6
CVSSv2
CVE-2017-20084
A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach thi...
Jung-group Smart Visu Server Firmware 1.0.804
Jung-group Smart Visu Server Firmware 1.0.830
Jung-group Smart Visu Server Firmware 1.0.832
7.8
CVSSv2
CVE-2021-37740
A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote malicious user to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until t...
Mdt Scn-ip000.03 Firmware
Mdt Scn-ip100.03 Firmware
1 Github repository
5
CVSSv2
CVE-2021-22806
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prio...
Schneider-electric Spacelynk Firmware
Schneider-electric Wiser For Knx Firmware
Schneider-electric Fellerlynk Firmware
5
CVSSv2
CVE-2022-22809
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser fo...
Schneider-electric Spacelynk Firmware
Schneider-electric Wiser For Knx Firmware
Schneider-electric Fellerlynk Firmware
8.8
CVSSv2
CVE-2022-22811
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system?s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prio...
Schneider-electric Spacelynk Firmware
Schneider-electric Wiser For Knx Firmware
Schneider-electric Fellerlynk Firmware
4.3
CVSSv2
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affect...
Schneider-electric Spacelynk Firmware
Schneider-electric Wiser For Knx Firmware
Schneider-electric Fellerlynk Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »