Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1

Plan Patch7.5SSA-744259Feb 14, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in the Golang implementation within Brownfield Connectivity - Gateway (versions before V1.11) could lead to Denial of Service. These vulnerabilities are related to improper input validation, resource exhaustion, and other memory/protocol handling issues (CWE-119, CWE-20, CWE-400, CWE-668, CWE-770, CWE-295). Successful exploitation could crash the Gateway service and interrupt connectivity between legacy systems and modern networks.

What this means

What could happen

An attacker could crash the Brownfield Connectivity Gateway and disrupt communication between legacy systems and modern networks, affecting operational visibility and control of connected equipment.

Who's at risk

Operators of legacy manufacturing systems and process automation equipment that rely on Brownfield Connectivity - Gateway to bridge older control systems with modern enterprise networks should update immediately. This affects facilities using legacy PLC networks, SCADA systems, or older manufacturing equipment connected through the Gateway for data exchange.

How it could be exploited

An attacker on the network could send specially crafted network requests to the Gateway's network interface, triggering a Denial of Service condition that exhausts resources or crashes the service.

Prerequisites

Network access to the Brownfield Connectivity Gateway on its listening port
No authentication required

remotely exploitableno authentication requiredlow complexityaffects network availability and operational visibility

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Brownfield Connectivity - Gateway< V1.101.11

Brownfield Connectivity - GatewayV1.10.11.11

Remediation & Mitigation

0/2

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

Brownfield Connectivity - Gateway

HOTFIXUpdate Brownfield Connectivity - Gateway to version V1.11 or later

All products

HOTFIXContact Siemens customer support to obtain the update package

CVEs (8)

CVE-2021-41771 CVE-2021-41772 CVE-2021-44716 CVE-2021-44717 CVE-2022-24675 CVE-2022-24921 CVE-2022-27536 CVE-2022-28327

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/dbbac0ff-96ff-4669-98d1-47a587eca92e