Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Building Automation System Exploit Brings KNX Security Back in Spotlight 

A public exploit targeting building automation systems brings KNX security back into the spotlight, with Schneider Electric releasing a security bulletin.

Building automation system exploit

A public exploit targeting building automation systems has brought KNX security back into the spotlight, with industrial giant Schneider Electric releasing a security bulletin to warn customers about the potential risks.

KNX is a widely used open standard for commercial and residential building automation. It can be used to control security systems, lighting, HVAC, energy management, and many other smart building systems.

Its developers warned in 2021 that smart building installations, including ones based on KNX, had been increasingly targeted in attacks. 

In one attack reported at the time, aimed at a German engineering company, hackers had taken control of internet-exposed building automation devices and locked the victim’s employees out of the system. For unclear reasons, the attackers had bricked hundreds of automation control devices, causing the building to lose all of its smart functionality. 

In a security bulletin published late last month, Schneider Electric notified customers that it had become aware of the public availability of an exploit targeting KNX home and building automation systems. 

The PoC exploit that Schneider is warning about, published in March, targets the company’s SpaceLynk and Wiser for KNX (formerly HomeLynk) products. However, the French industrial giant said its FellerLynk products are impacted as well. 

The exploit targets two known vulnerabilities: one addressed by the vendor in February 2022 (CVE-2022-22809) and one addressed in August 2020 (CVE-2020-7525). 

Threat actors could use the vulnerabilities to access admin functionality without a password through a directory traversal, or access the administration panel through a brute-force attack. 

Advertisement. Scroll to continue reading.

The hacker who made public this exploit recently also published PoCs targeting fueling systems. 

Schneider issued a warning over KNX attacks back in 2021 and now says “this new exploit brings further attention to the recommended mitigations in that security bulletin”.

There do not appear to be any new reports about these or other KNX vulnerabilities being exploited in the wild. However, Schneider warned that it’s aware of some end-users exposing old and unpatched versions of its products to the internet.

The company has provided recommendations on how customers can prevent attacks. Those who believe their KNX system has been compromised have been urged to contact its customer care center. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Related: Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid

Related: New Data Sharing Platform Serves as Early Warning System for OT Security Threats

Related: Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.