CVE-2024-13967 is a critical security vulnerability identified in ABB's EIBPORT V3 KNX devices, specifically affecting firmware versions up to 3.9.8 for both the standard and GSM variants. The vulnerability is classified under CWE-384, which corresponds to session fixation issues. Session fixation vulnerabilities occur when an attacker can fixate or set a user's session identifier (session ID) before the user logs in, enabling the attacker to hijack the authenticated session once the user logs in. In this case, the vulnerability allows an attacker to gain unauthorized access to the configuration web page hosted by the integrated web server on the EIBPORT device. The EIBPORT V3 KNX is a gateway device used in building automation systems to interface KNX installations with IP networks, enabling remote configuration and control of building automation components such as lighting, HVAC, and security systems. The CVSS 4.0 base score of 9.4 (critical) reflects the high severity of this vulnerability, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:A). The vulnerability impacts confidentiality, integrity, and availability at a high level (VC:H, VI:H, VA:H), and the scope is changed (S:H), indicating that exploitation affects components beyond the vulnerable component itself. The vulnerability does not currently have known exploits in the wild, but the potential for exploitation is significant given the critical nature of the device in building automation environments. Successful exploitation would allow attackers to bypass authentication mechanisms by fixing the session ID, thereby gaining unauthorized administrative access to the device's configuration interface. This could lead to manipulation of building automation settings, disruption of services, or further lateral movement within the network.

For European organizations, especially those in sectors relying heavily on building automation such as commercial real estate, manufacturing, healthcare, and critical infrastructure, this vulnerability poses a significant risk. Unauthorized access to EIBPORT V3 KNX devices could allow attackers to alter building control systems, potentially causing operational disruptions, safety hazards, or privacy violations. Given the widespread adoption of ABB's automation products in Europe, exploitation could lead to large-scale impacts including denial of service of building systems, unauthorized surveillance, or sabotage. The criticality is heightened in environments where building automation is integrated with security systems or critical operational technology (OT) networks. Additionally, the vulnerability could be leveraged as a foothold for further network compromise, threatening broader organizational IT and OT assets. The requirement for user interaction may limit automated exploitation but does not eliminate risk, especially in environments where users access device management interfaces regularly. The lack of known exploits in the wild suggests that proactive mitigation is essential to prevent future attacks.

1. Immediate firmware update: Organizations should monitor ABB's official channels for patches addressing CVE-2024-13967 and apply them promptly once available. 2. Network segmentation: Isolate EIBPORT devices on dedicated network segments with strict access controls to limit exposure to untrusted networks and reduce attack surface. 3. Access control hardening: Restrict access to the configuration web interface to trusted IP addresses and implement strong authentication mechanisms where possible. 4. Session management review: Where feasible, configure devices or intermediary systems to enforce secure session management practices, such as regenerating session IDs upon login and setting appropriate session timeouts. 5. Monitor and log access: Enable detailed logging of access to EIBPORT devices and monitor for suspicious activities indicative of session fixation or unauthorized access attempts. 6. User awareness: Educate users who interact with these devices about the risks of session fixation and encourage cautious behavior regarding session handling and authentication workflows. 7. Network intrusion detection: Deploy IDS/IPS solutions capable of detecting anomalous web session behaviors targeting these devices. 8. Temporary mitigations: Until patches are available, consider disabling remote web access to the EIBPORT devices if operationally feasible, or use VPNs with multi-factor authentication to secure remote access.