Timing Side‑Channel (CVE‑2022‑4304) in Hitachi Energy GMS600 Enables TLS Decryption – Moderate Risk for Critical Manufacturing
What It Is – Hitachi Energy’s GMS600 (versions 1.3.0‑1.3.1) embeds a vulnerable OpenSSL library (CVE‑2022‑4304). The flaw is a timing‑based side‑channel in RSA decryption that can be exploited to recover the TLS pre‑master secret and decrypt application data.
Exploitability – The attack requires the ability to send a very large number of crafted TLS handshake messages and measure processing time. No public exploit code is known, but the technique is well‑understood (Bleichenbacher‑style) and could be weaponized by nation‑state or sophisticated criminal actors. CVSS v3.1 5.9 (Medium).
Affected Products – Hitachi Energy GMS600, firmware ≥ 1.3.0 ≤ 1.3.1 (embedded OpenSSL).
TPRM Impact – Organizations that rely on GMS600 for grid‑monitoring, substation control, or other critical‑manufacturing processes expose confidential operational data to potential interception. A compromised third‑party could harvest TLS traffic, infer network topology, or extract proprietary control‑system information, creating a supply‑chain confidentiality risk.
Recommended Actions –
- Apply Hitachi Energy’s mitigation guidance immediately (see CISA advisory).
- Upgrade to a firmware version that ships with a patched OpenSSL or replace the OpenSSL component with a constant‑time implementation.
- Enforce TLS 1.3 where possible; disable RSA‑PKCS#1 v1.5 cipher suites.
- Deploy network‑level rate‑limiting and anomaly detection for TLS handshake traffic to the GMS600.
- Review third‑party contracts for security‑by‑design clauses and require proof of remediation.
Source: CISA Advisory – ICSA‑26‑141‑01