OpenSSL vulnerability - not affecting PLAXIS 2D or PLAXIS 3D [Solved]

ApplicationPLAXIS 2D
Issue status  Solved
First Affected VersionPLAXIS 2D 2023.1
Found in VersionPLAXIS 2D 2023.1
Fixed and Released in VersionPLAXIS 2D 2023.2
Issue #1149242
Date created24 April 2023
Date modified1 August 2023

Problem description

PLAXIS 2D 2023.1 introduced the possibility of importing geometry directly from Seequent Central. The Central is a cloud-hosted service that works as a shared workspace, making projects accessible, shareable and collaborative.

The data shared with Central is transmitted to a secure HTTPS channel using the well-known and widely used OpenSSL toolkit.

Recently, a new medium-risk security vulnerability was reported (CVE-2022-4203: that is present in the OpenSSL version that is used by PLAXIS 2D to communicate with Central.

This vulnerability does not affect PLAXIS 2D users since PLAXIS 2D always connects to a secure Central server hosted by Seequent. The server would need to be compromised for the vulnerability to be exploited.

Note that PLAXIS 3D is not affected by this issue at all.

This issue is now resolved in PLAXIS 2D 2023.2.