VDB

ICSA-25-160-02

ICSA-25-160-02 PUBLISHED CVSS 5.900000095367432 MEDIUM

Hitachi Energy is aware of the vulnerability CVE-2022-4304 in the OSS component OpenSSL, that affects the Relion 670, 650, SAM600-IO versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. For immediate mitigation/workaround information, please refer to the General Mitigation Factors/Workarounds

Risk Scores

CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Relion 670/650/SAM600-IO series version 2.2.5 revisions up to 2.2.5.5
Relion 670/650 series version 2.2.0 all revisions
Relion 670 series version 2.2.3 revisions up to 2.2.3.6
Relion 670 series version 2.2.2 revisions up to 2.2.2.5
Relion 670/650/SAM600-IO series version 2.2.1 revisions up to 2.2.1.8
Relion 670/650 series version 2.2.4 revisions up to 2.2.4.3

Timeline

  • Jun 27, 2023 CVE Published
  • Mar 17, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›