| Application | PLAXIS 2D |
| Issue status | Solved |
| First Affected Version | PLAXIS 2D 2023.1 |
| Found in Version | PLAXIS 2D 2023.1 |
| Fixed and Released in Version | PLAXIS 2D 2023.2 |
| Issue # | 1149242 |
| Date created | 24 April 2023 |
| Date modified | 1 August 2023 |
PLAXIS 2D 2023.1 introduced the possibility of importing geometry directly from Seequent Central. The Central is a cloud-hosted service that works as a shared workspace, making projects accessible, shareable and collaborative.
The data shared with Central is transmitted to a secure HTTPS channel using the well-known and widely used OpenSSL toolkit.
Recently, a new medium-risk security vulnerability was reported (CVE-2022-4203: https://nvd.nist.gov/vuln/detail/CVE-2022-4203) that is present in the OpenSSL version that is used by PLAXIS 2D to communicate with Central.
This vulnerability does not affect PLAXIS 2D users since PLAXIS 2D always connects to a secure Central server hosted by Seequent. The server would need to be compromised for the vulnerability to be exploited.
Note that PLAXIS 3D is not affected by this issue at all.
This issue is now resolved in PLAXIS 2D 2023.2.