Siemens Brownfield Connectivity Client

Act NowCVSS 9.8ICS-CERT ICSA-23-047-03Feb 14, 2023

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens Brownfield Connectivity Client versions prior to 2.15 contain multiple vulnerabilities in the underlying OpenSSL library. The vulnerabilities include improper certificate validation (CWE-295), weak cryptographic practices (CWE-327), OS command injection (CWE-78), and improper resource handling (CWE-404). Successful exploitation could lead to denial of service or, depending on the vulnerability, potential remote code execution. These vulnerabilities are remotely exploitable with low attack complexity and require no authentication. No known public exploits exist as of the advisory date, but the high EPSS score (41.2%) indicates significant exploit probability.

What this means

What could happen

An attacker could crash the Brownfield Connectivity Client or potentially execute code on the device through OpenSSL vulnerabilities, disrupting the client's ability to connect to and manage industrial systems.

Who's at risk

Owners of Siemens industrial systems using the Brownfield Connectivity Client software to manage or monitor legacy and modernized devices should care. This affects IT staff managing Siemens automation infrastructure, particularly those using the client for remote asset management or configuration of PLCs, process controllers, and SCADA components.

How it could be exploited

An attacker with network access sends a specially crafted message to the Brownfield Connectivity Client on port 443 or relevant TLS port. The client processes the message using a vulnerable OpenSSL library and either crashes (DoS) or potentially executes arbitrary commands depending on the specific vulnerability triggered.

Prerequisites

Network access to the Brownfield Connectivity Client on its listening port (typically HTTPS)
Client must be running a version prior to 2.15
No authentication required

Remotely exploitableNo authentication requiredLow attack complexityHigh EPSS score (41.2%)Affects connectivity and management tools for critical industrial systems

Exploitability

Likely to be exploited — EPSS score 37.8%

Public Proof-of-Concept (PoC) on GitHub (5 repositories)

Affected products (1)

ProductAffected VersionsFix Status

Brownfield Connectivity - Client<V2.152.15

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to the Brownfield Connectivity Client using firewall rules or network segmentation—only allow connections from authorized engineering workstations and authorized industrial networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Brownfield Connectivity Client to version 2.15 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate the Brownfield Connectivity Client on a separate VLAN or protected subnet with limited inbound access

CVEs (4)

CVE-2022-1292 CVE-2022-1343 CVE-2022-1434 CVE-2022-1473

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/b2437f7e-11f7-4630-9db1-09456259ac53

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.