Building Automation System Exploit Brings KNX Security Back in Spotlight  – Source: www.securityweek.com

A public exploit targeting building automation systems has brought KNX security back into the spotlight, with industrial giant Schneider Electric releasing a security bulletin to warn customers about the potential risks.

KNX is a widely used open standard for commercial and residential building automation. It can be used to control security systems, lighting, HVAC, energy management, and many other smart building systems.

Its developers warned in 2021 that smart building installations, including ones based on KNX, had been increasingly targeted in attacks. 

In one attack reported at the time, aimed at a German engineering company, hackers had taken control of internet-exposed building automation devices and locked the victim’s employees out of the system. For unclear reasons, the attackers had bricked hundreds of automation control devices, causing the building to lose all of its smart functionality. 

In a security bulletin published late last month, Schneider Electric notified customers that it had become aware of the public availability of an exploit targeting KNX home and building automation systems. 

The PoC exploit that Schneider is warning about, published in March, targets the company’s SpaceLynk and Wiser for KNX (formerly HomeLynk) products. However, the French industrial giant said its FellerLynk products are impacted as well. 

The exploit targets two known vulnerabilities: one addressed by the vendor in February 2022 (CVE-2022-22809) and one addressed in August 2020 (CVE-2020-7525). 

Threat actors could use the vulnerabilities to access admin functionality without a password through a directory traversal, or access the administration panel through a brute-force attack. 

The hacker who made public this exploit recently also published PoCs targeting fueling systems. 

Schneider issued a warning over KNX attacks back in 2021 and now says “this new exploit brings further attention to the recommended mitigations in that security bulletin”.

There do not appear to be any new reports about these or other KNX vulnerabilities being exploited in the wild. However, Schneider warned that it’s aware of some end-users exposing old and unpatched versions of its products to the internet.

The company has provided recommendations on how customers can prevent attacks. Those who believe their KNX system has been compromised have been urged to contact its customer care center. 

Related: Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid

Related: New Data Sharing Platform Serves as Early Warning System for OT Security Threats

Related: Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks