>samit_hota
Back to advisories
SH-2026-124HighOpen

CISA Adds Two New Actively Exploited Vulnerabilities to KEV Catalog

Samit Hota·
CVE ID
CVE-2023-4346, CVE-2026-46817
CVSS Score
N/A
Affected Products
KNX Association KNX Protocol, Oracle E-Business Suite
#news#cisa

Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding two new vulnerabilities based on evidence of active, in-the-wild exploitation. The newly added entries are CVE-2023-4346, pertaining to an overly restrictive account lockout mechanism in the KNX Association KNX Protocol, and CVE-2026-46817, an improper privilege management vulnerability in Oracle E-Business Suite. These additions underscore the importance of prompt patching and mitigation for all organizations, particularly federal agencies which are mandated to address KEV entries within specified deadlines under Binding Operational Directive (BOD) 26-04.

Technical Details

CVE-2023-4346 (KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability): This vulnerability affects the KNX Protocol, a standard for building automation. The “Overly Restrictive Account Lockout Mechanism” suggests an issue where an attacker could potentially bypass or exhaust an account lockout feature through repeated attempts, possibly enabling brute-force attacks or account enumeration without adequate protection. Successful exploitation could lead to unauthorized access to KNX-based building management systems, which control various aspects of smart homes and commercial buildings, from lighting to HVAC systems. The active exploitation indicates that threat actors are targeting these often-overlooked industrial control system (ICS) components.

CVE-2026-46817 (Oracle E-Business Suite Improper Privilege Management Vulnerability): This vulnerability in Oracle E-Business Suite (EBS) relates to improper privilege management. Such flaws typically allow a low-privileged user or an attacker to gain elevated privileges within the application. This could enable unauthorized access to sensitive data, modification of critical business processes, or even administrative control over parts of the EBS environment. Oracle E-Business Suite is a comprehensive suite of business applications, and a privilege escalation within it could have far-reaching consequences for an organization’s financial, supply chain, and human resources operations. Active exploitation suggests attackers are actively seeking to compromise critical enterprise resource planning (ERP) systems.

Real-World Impact

The inclusion of these vulnerabilities in CISA’s KEV Catalog signifies that they are actively being leveraged by malicious actors. For CVE-2023-4346, compromise of KNX systems could lead to disruption of essential building services, unauthorized surveillance, or even physical security breaches in smart buildings. In critical infrastructure settings, this could have cascading effects on operational technology (OT) environments. For CVE-2026-46817, the impact on Oracle E-Business Suite could be severe, ranging from data theft of sensitive financial or personal information to the manipulation of business-critical data, leading to financial fraud, reputational damage, and significant operational downtime. Federal agencies, bound by BOD 26-04, face compliance risks in addition to the direct cybersecurity threats if these vulnerabilities are not promptly remediated.

Threat Landscape

The active exploitation of vulnerabilities in both building automation systems (KNX) and enterprise resource planning software (Oracle EBS) illustrates the broad and opportunistic nature of current cyber threats. Threat actors are increasingly targeting niche but critical systems like KNX for access to physical infrastructure and highly integrated platforms like Oracle EBS for access to an organization’s most valuable data and processes. The KEV Catalog serves as a critical indicator of vulnerabilities that have moved beyond theoretical risk to proven compromise, making them a top priority for defenders. This emphasizes that no system, regardless of its perceived obscurity or commonality, is immune to targeted attacks once vulnerabilities become known and weaponized.

Remediation

All organizations, particularly federal civilian executive branch (FCEB) agencies, must prioritize the remediation of CVE-2023-4346 and CVE-2026-46817 immediately.

  1. Patching: Apply the latest security patches and updates released by KNX Association and Oracle for their respective affected products. Organizations should consult vendor advisories for specific patch versions and deployment instructions.
  2. Network Segmentation: For KNX systems, implement robust network segmentation to isolate building automation networks from enterprise IT networks, minimizing the blast radius of a potential compromise.
  3. Strong Authentication: Ensure strong authentication mechanisms are in place, including multi-factor authentication (MFA), particularly for administrative interfaces of Oracle E-Business Suite and any gateways to KNX systems.
  4. Least Privilege: Enforce the principle of least privilege for all users and services interacting with KNX components and Oracle EBS, limiting the potential impact of a privilege escalation.
  5. Vulnerability Scanning and Monitoring: Regularly scan for these and other known exploited vulnerabilities and monitor system logs for any indicators of compromise related to these flaws.
  6. Incident Response: Develop and test incident response plans specifically for critical business systems like Oracle EBS and OT environments.

Adhering to CISA’s guidance and promptly addressing these actively exploited vulnerabilities is essential to bolster an organization’s defensive posture against pervasive threats.

Found something similar in your stack?

Let's find out before it becomes an incident.

Book an advisory call