Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17

Act Now9.8SSA-028723Aug 12, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

BFCClient contains multiple vulnerabilities in its integrated OpenSSL component (CWE-120, CWE-125, CWE-835, CWE-843, CWE-295) that could allow remote attackers to read memory contents, change application behavior, or cause denial of service conditions. The vulnerabilities stem from buffer overflows and improper validation in the embedded OpenSSL library.

What this means

What could happen

An attacker could exploit OpenSSL vulnerabilities in BFCClient to read sensitive data from memory, modify application behavior, or crash the application—affecting process visibility and control in facilities relying on BFC remote terminal unit monitoring.

Who's at risk

Facilities using Siemens BFCClient (Building Facility Control Client) for remote monitoring and control of RTUs (remote terminal units), switchgear, and distributed control systems. This includes water authorities, electric utilities, and building automation operators who rely on BFCClient for remote device management.

How it could be exploited

An attacker with network access to BFCClient can send malformed requests to the OpenSSL component to trigger buffer overflows or other memory corruption flaws, potentially reading memory contents, altering application logic, or causing a denial of service.

Prerequisites

Network access to BFCClient port/service
No authentication required

remotely exploitableno authentication requiredlow complexityhigh EPSS score (88.5%)affects process monitoring and control

Exploitability

High exploit probability (EPSS 88.5%)

Affected products (1)

ProductAffected VersionsFix Status

BFCClient< 2.172.17

Remediation & Mitigation

0/2

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate BFCClient to version 2.17 or later

HOTFIXContact Siemens customer support to obtain the update package

CVEs (5)

CVE-2021-3711 CVE-2021-3712 CVE-2022-0778 CVE-2023-0286 CVE-2023-0464

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d0fb8f12-94e1-4f91-b520-81ef4694eb2e