<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>GMS600 Versions 1.3.0 and 1.3.1 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/gms600-versions-1.3.0-and-1.3.1/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Thu, 21 May 2026 16:12:35 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/gms600-versions-1.3.0-and-1.3.1/feed.xml" rel="self" type="application/rss+xml"/><item><title>Hitachi Energy GMS600 Vulnerable to Bleichenbacher Attack via CVE-2022-4304</title><link>https://feed.craftedsignal.io/briefs/2026-05-hitachi-gms600-bleichenbacher/</link><pubDate>Thu, 21 May 2026 16:12:35 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-hitachi-gms600-bleichenbacher/</guid><description>Hitachi Energy GMS600 versions 1.3.0 and 1.3.1 are affected by CVE-2022-4304, a vulnerability in the OpenSSL RSA Decryption implementation; an attacker could exploit this timing-based side channel to recover plaintext across a network in a Bleichenbacher-style attack by sending trial messages to the server and recording processing times, eventually decrypting application data.</description><content:encoded><![CDATA[<p>Hitachi Energy GMS600 versions 1.3.0 and 1.3.1 are vulnerable to a timing-based side-channel attack (CVE-2022-4304) in the OpenSSL RSA decryption implementation. This vulnerability allows a remote attacker to recover plaintext data by exploiting observable discrepancies in processing times. 
The attack involves sending a large number of trial messages to the server and recording the time taken to process each one. Successful exploitation could allow an attacker to decrypt sensitive application data transmitted over the network. This vulnerability affects all RSA padding modes, including PKCS#1 v1.5, RSA-OAEP, and RSASVE. Hitachi Energy recommends upgrading to version 1.3.2 to mitigate this vulnerability, which was initially disclosed in June 2023 and updated in April 2026.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker observes a genuine TLS connection between a client and a server using RSA for key exchange.</li>
<li>Attacker crafts a series of trial messages specifically designed to exploit the timing vulnerability in OpenSSL&rsquo;s RSA decryption implementation.</li>
<li>Attacker sends these trial messages to the GMS600 server.</li>
<li>The GMS600 server processes each trial message, and the attacker records the time taken for each processing attempt.</li>
<li>Attacker analyzes the timing data to identify subtle variations in processing times related to the structure of the encrypted pre-master secret.</li>
<li>After a sufficiently large number of messages, the attacker recovers the pre-master secret used for the original connection.</li>
<li>Attacker decrypts the application data sent over that connection using the recovered pre-master secret.</li>
<li>Attacker gains unauthorized access to sensitive information transmitted between the client and server.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2022-4304 allows an attacker to decrypt sensitive data transmitted over the network, potentially compromising critical manufacturing processes controlled by the GMS600. Given the wide deployment of GMS600 in critical infrastructure sectors worldwide, this vulnerability poses a significant risk to operational technology environments. Impact could range from loss of confidentiality to unauthorized control of industrial processes.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately upgrade Hitachi Energy GMS600 to version 1.3.2 to address the vulnerability (CVE-2022-4304).</li>
<li>Implement network segmentation and firewall rules to minimize network exposure of control system devices as described in the &ldquo;General Mitigation Factors&rdquo; section of the advisory.</li>
<li>Enforce ingress IP allowlisting and traffic rate limiting to protect the control network from external attacks.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>bleichenbacher</category><category>timing attack</category><category>openssl</category><category>critical infrastructure</category></item></channel></rss>