The advisory from CISA addresses a vulnerability in Hitachi Energy's GMS600 due to a flaw in the OpenSSL component (CVE-2022-4304). This vulnerability can allow an attacker to recover sensitive data by exploiting timing discrepancies in RSA decryption. The affected versions are 1.3.0 and 1.3.1. To mitigate the risks, users are advised to upgrade to version 1.3.2 and implement security measures like firewalls and IP allowlisting. The advisory highlights the critical nature of this issue, especially in the context of industrial control systems.
Hitachi Energy GMS600 Fixes OpenSSL Timing Bug CVE-2022-4304
Article by CyberSIXT