What is the CVSS score of CVE-2024-13967?

CVE-2024-13967 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Siemens are affected by CVE-2024-13967?

A high-severity vulnerability in EIBPORT V3 KNX devices (versions through 3.9.8) allows attackers to bypass authentication and access sensitive configuration web pages.

How to fix or mitigate CVE-2024-13967?

Within 24 hours: Identify and inventory all EIBPORT V3 KNX and KNX GSM devices in your environment and document their network locations. Within 7 days: Implement network segmentation to restrict administrative access to EIBPORT devices to authorized personnel only; disable remote web administration if not operationally critical; enable comprehensive logging and monitoring of all access attempts to these devices. Within 30 days: Establish a change management process to apply the vendor patch immediately upon release; conduct a security audit of all configuration changes made to affected devices during the vulnerability window.

Siemens CVE-2024-13967

EUVD-2024-54646 HIGH

Session Fixation (CWE-384)

2025-06-04 cybersecurity@ch.abb.com

Authentication Bypass Information Disclosure Siemens

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2024-54646

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

CVE Published

Jun 04, 2025 - 08:15 nvd

HIGH 8.8

DescriptionNVD

This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT.

This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.

AnalysisAI

CVE-2024-13967 is an authentication bypass vulnerability in EIBPORT V3 KNX web server that allows unauthenticated attackers to access sensitive configuration pages through the integrated web interface. Affects EIBPORT V3 KNX and EIBPORT V3 KNX GSM through version 3.9.8. Successful exploitation enables complete compromise of the device including confidentiality, integrity, and availability of configuration settings and potentially the entire KNX installation.

Technical ContextAI

EIBPORT is a KNX gateway device with an integrated web server for remote configuration and management. The vulnerability resides in the web application layer (CWE-384: Improper Authentication) where the server fails to properly validate authentication credentials before granting access to administrative configuration interfaces. KNX (Konnex) is a European standard for building automation used in HVAC, lighting, and security systems. The affected products are: CPE:2.3:a:weinzierl:eibport_v3_knx:*:*:*:*:*:*:*:* (versions up to 3.9.8) and CPE:2.3:a:weinzierl:eibport_v3_knx_gsm:*:*:*:*:*:*:*:* (versions up to 3.9.8). The root cause is inadequate session management or missing authentication checks on protected configuration endpoints, allowing network-accessible exploitation without prior authentication.

RemediationAI

Upgrade EIBPORT V3 KNX to version 3.9.9 or later; priority: Critical Upgrade EIBPORT V3 KNX GSM to version 3.9.9 or later; priority: Critical Mitigation: Restrict network access to the EIBPORT web interface using firewall rules; allow only from trusted administrative networks Mitigation: Disable remote web access if not required; configure the device to accept web interface connections only from local/internal network segments Mitigation: Implement network segmentation to isolate KNX gateway devices from direct internet exposure Mitigation: Monitor web server logs for suspicious access attempts to configuration endpoints Detection: Check current firmware version in device administration panel; verify installed version is 3.9.9 or higher

CVE-2024-13967 vulnerability details – vuln.today

Back

Siemens CVE-2024-13967

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code