Hitachi Energy GMS600 Vulnerability Advisory
Hitachi Energy is aware of the vulnerability CVE-2022-4304 in the open-source component OpenSSL, affecting GMS600 versions 1.3.0 and 1.3.1. This vulnerability impacts Critical Infrastructure Sectors, specifically Critical Manufacturing, worldwide.
A timing-based side channel exists in the OpenSSL RSA decryption implementation, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would need to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP, and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker who has observed a genuine connection could exploit this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages, the attacker could recover the pre-master secret used for the original connection and thus decrypt the application data sent over that connection. The relevant CWE is CWE-203, Observable Discrepancy.
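The following is an added illustration of the CWE-203 class of defect described above, written for this page; it is not OpenSSL's code and does not reproduce the specific code path fixed in OpenSSL (the fix there concerns the constant-time conversion of the decrypted number to bytes, not the padding check). The padding check is used here because it shows, in a few lines, how a decryption routine whose amount of work depends on the content of the message gives a remote party something to measure, and what the fixed-work structure looks like. The modulus size `K`, the helper names, and the test vectors are assumptions of this example; since wall-clock timing in Python is noisy, the number of bytes examined is used as a deterministic stand-in for running time.

```python
# Added illustration of CWE-203 (Observable Discrepancy) in an RSA
# unpadding routine. Not OpenSSL's code. "bytes_examined" is a
# deterministic proxy for data-dependent running time.
from dataclasses import dataclass
from typing import Optional

K = 128  # assumed RSA modulus length in bytes (1024-bit key)


@dataclass
class Result:
    ok: bool
    plaintext: Optional[bytes]
    bytes_examined: int  # proxy for how long the call took


def unpad_early_exit(em: bytes) -> Result:
    """PKCS#1 v1.5 type-2 unpadding with early returns (the leaky shape).

    Every early `return` ties the work done to *where* the message is
    malformed, so a party that can time the call learns something about
    the decrypted bytes. This is the discrepancy the advisory describes.
    """
    examined = 0
    if len(em) != K:
        return Result(False, None, examined)
    examined += 1
    if em[0] != 0x00:
        return Result(False, None, examined)
    examined += 1
    if em[1] != 0x02:
        return Result(False, None, examined)
    i = 2
    while i < K:  # search for the 0x00 separator
        examined += 1
        if em[i] == 0x00:
            break
        i += 1
    if i == K or i < 10:  # no separator, or fewer than 8 padding bytes
        return Result(False, None, examined)
    return Result(True, em[i + 1:], examined)


def unpad_fixed_work(em: bytes) -> Result:
    """Same check, but every byte is examined on every call and all error
    conditions are folded into one flag, so the work does not depend on
    the content of `em`. Python cannot guarantee true constant time; the
    point is the structure, which carries over to C.
    """
    if len(em) != K:  # the length is public, so this early return leaks nothing
        return Result(False, None, 0)
    bad = (em[0] != 0x00) | (em[1] != 0x02)
    sep = K  # index of the first 0x00 after the header; K if none
    for i in range(2, K):
        # Record the first zero without stopping; the body runs for every byte.
        is_zero = em[i] == 0x00
        not_found_yet = sep == K
        sep = i if (is_zero and not_found_yet) else sep
    bad |= sep == K   # separator never found
    bad |= sep < 10   # padding string shorter than 8 bytes
    plaintext = em[sep + 1:] if not bad else None
    return Result(not bad, plaintext, K)


def build_valid(msg: bytes, pad_len: int) -> bytes:
    """Constructed test vector: 00 02 <pad_len non-zero bytes> 00 <msg>."""
    assert pad_len >= 8 and 3 + pad_len + len(msg) == K
    return b"\x00\x02" + b"\x7f" * pad_len + b"\x00" + msg


def work_profile(unpad) -> list:
    """Bytes examined for inputs that are malformed in different places.

    A routine with no observable discrepancy returns the same count for
    every input; a leaky one returns counts that track the input.
    """
    msg = b"secret"
    valid = build_valid(msg, K - 3 - len(msg))
    cases = [
        valid,                                # well-formed
        b"\x01" + valid[1:],                  # bad first byte
        b"\x00\x01" + valid[2:],              # bad block type
        b"\x00\x02" + b"\x00" + valid[3:],    # separator too early
        b"\x00\x02" + b"\x7f" * (K - 2),      # no separator at all
    ]
    return [unpad(em).bytes_examined for em in cases]


if __name__ == "__main__":
    print("early exit :", work_profile(unpad_early_exit))
    print("fixed work :", work_profile(unpad_fixed_work))
```

A review of decryption code for this class of issue asks the same question the `work_profile` check asks: does any code path between receiving the ciphertext and returning the result do a different amount of work, or take a different branch, depending on the decrypted bytes? The remediation below (upgrading to a fixed OpenSSL build) is the practical answer for GMS600; the example only shows what the fix has to achieve.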
Remediation
For remediation, a vendor fix is available. Users should upgrade to version 1.3.2. Hitachi Energy’s Internal Team reported this vulnerability to CISA.
Additionally, general mitigation factors and recommended security practices can help protect a process control network. These include:
- Enforcing ingress IP allowlisting
- Applying traffic rate limiting in accordance with the operational security policy
- Physically protecting process control systems from unauthorized access
- Ensuring no direct connections to the Internet
- Isolating networks with firewalls that expose minimal ports
CISA also recommends users take defensive measures to minimize exploitation risk, including:
- Minimizing network exposure for all control system devices
- Ensuring they are not accessible from the internet
- Locating control system networks behind firewalls
- Using secure methods for remote access, such as VPNs
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.