Description

Replay Attack

in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System

Classification

CVE ID: CVE-2024-4009

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.2

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Affected Products

Vendor: ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger, ABB, Busch-Jaeger

Product: 2.4! Display 55, SD/U12.55.11-825, 2.4! Display 55, SD/SD/U12.55.1-825, 2.4! Display 63, SD/U12.63.11-825, RoomTouch 4", RT/U12.86.1-825, RoomTouch 4", RT/U12.86.11-825, 2,4'' Display 70, SD/U12.70.11-4015, 2,4'' Display 70, SD-U12-70-1-4015, RoomTouch 4", RT/U12.86.11-811, RoomTouch 4", RT-U12-86-1-811, BCU KNX, BA-U1.0.11, BCU KNX, BA-U1.0.1, BCU KNX, BA-U1.0.21

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.66% (scored less or equal to compared to others)

EPSS Date: 2025-04-16 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4009
https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803&LanguageCode=en&DocumentPartId=&Action=Launch

Timeline