OTPulse

Multiple Vulnerabilities in Siemens Brownfield Connectivity - Client before V2.15

Priority: Act Now
CVSS: 9.8
Siemens advisory: SSA-953464
Published: Feb 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens Brownfield Connectivity - Client versions before 2.15 contain multiple vulnerabilities in the underlying OpenSSL library (CWE-78 OS command injection, CWE-295 certificate validation, CWE-327 weak cryptography, CWE-404 improper resource handling). Successful exploitation could lead to denial of service. A patch is available in version 2.15 and later.

What this means
What could happen
An attacker with network access could exploit OpenSSL vulnerabilities in Brownfield Connectivity - Client to cause service outages, disrupting communication between legacy systems and modern infrastructure, which could interrupt data logging, monitoring, or integration tasks in your plant.
Who's at risk
Operations and IT teams running Siemens Brownfield Connectivity - Client for legacy system integration, data migration, or bridge communication between older and modern manufacturing/utility systems should prioritize this update.
How it could be exploited
An attacker on the network sends malicious traffic to the Brownfield Connectivity - Client application targeting known OpenSSL flaws. The vulnerable OpenSSL library processes the traffic and crashes or becomes unresponsive, causing the client to stop communicating with connected systems.
Prerequisites
  • Network connectivity to the Brownfield Connectivity - Client application
  • Client running a version earlier than 2.15 (the affected range is < V2.15; 2.15 contains the fix)
Tags: remotely exploitable · no authentication required · low complexity · high EPSS score (41.2%) · denial of service impact
Exploitability
High exploit probability (EPSS 41.2%)
Affected products (1)
Product                          | Affected Versions | Fix Status
Brownfield Connectivity - Client | < V2.15           | 2.15
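The affected range above is "every client version strictly below 2.15". As an added illustration, not part of the OTPulse advisory or of any Siemens tooling, the script below triages a constructed asset inventory against that range. It assumes the inventory is a CSV with host, product and version columns (the advisory does not say how the client reports its version), and it parses versions numerically so that 2.9 is correctly ranked below 2.15 rather than above it, which is the mistake a plain string comparison would make.

```python
import csv
import io

# Fix version stated in the advisory; everything strictly below it is affected.
FIXED_VERSION = "2.15"
PRODUCT_NAME = "Brownfield Connectivity - Client"


def parse_version(v: str) -> tuple[int, ...]:
    """Turn 'V2.15', '2.9' or '2.14.3' into an integer tuple.

    Tuple comparison gives numeric ordering per component, so
    parse_version('2.9') < parse_version('2.15') is True, whereas the
    string comparison '2.9' < '2.15' would be False.
    """
    v = v.strip().lstrip("vV")
    return tuple(int(part) for part in v.split("."))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version falls inside the '< V2.15' range."""
    return parse_version(version) < parse_version(fixed)


# Constructed sample inventory (hostnames and versions are made up for
# illustration; the column layout is an assumption, not an OTPulse format).
SAMPLE_INVENTORY = """host,product,version
bfc-gw-01,Brownfield Connectivity - Client,V2.9
bfc-gw-02,Brownfield Connectivity - Client,2.15
bfc-gw-03,Brownfield Connectivity - Client,V2.14.3
bfc-gw-04,Brownfield Connectivity - Client,2.16
other-01,Some Other Product,1.0
"""


def affected_hosts(csv_text: str) -> list[str]:
    """Return the hosts running an affected Brownfield Connectivity - Client."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [
        row["host"]
        for row in rows
        if row["product"] == PRODUCT_NAME and is_affected(row["version"])
    ]


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update to {FIXED_VERSION} or later")
```

Running the block lists bfc-gw-01 and bfc-gw-03 as needing the update; bfc-gw-02 is already on the fixed version and bfc-gw-04 is newer than it.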
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Brownfield Connectivity - Client to version 2.15 or later
  • HOTFIX: Contact Siemens customer support to obtain and deploy the update through your change management process