Hitachi Energy Gateway Station (GWS) Product

Plan PatchCVSS 8.1ICS-CERT ICSA-22-242-02Aug 30, 2022

Hitachi EnergyEnergyTransportation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Hitachi Energy Gateway Station (GWS) versions 2.0.0.0 through 3.1.0.0 contain cryptographic or protocol weaknesses (CWE-1357) that allow remote attackers to intercept traffic between the gateway and connected systems without authentication. Successful exploitation enables eavesdropping on sensitive network traffic, unauthorized access to information flowing through the gateway, and denial-of-service conditions that could disrupt operational communications. The vulnerabilities are remotely exploitable with low attack complexity and no known public exploits at present.

What this means

What could happen

An attacker could intercept and read sensitive traffic between systems connected to the GWS, potentially extracting control commands or sensitive data, and could cause the gateway to become unavailable, disrupting communication between operational networks and field devices.

Who's at risk

Energy utilities and transportation systems operators who rely on Hitachi Energy Gateway Station (GWS) for SCADA communication and control system integration. Any installation of GWS versions 2.0.0.0 through 3.1.0.0 is affected. This is critical for operators of substations, distribution control centers, and other grid infrastructure that depend on the GWS for reliable gateway communication.

How it could be exploited

An attacker with network access to the GWS can exploit a cryptographic or protocol weakness to intercept encrypted traffic between the gateway and connected systems. The low attack complexity means the attacker does not need specialized knowledge or tools, and no user interaction is required. Once traffic is intercepted, the attacker can eavesdrop on commands or data flowing through the gateway or inject malicious data to cause a denial of service.

Prerequisites

Network-level access to GWS (direct routing or VLAN access)
GWS deployed in an affected version (2.0.0.0 through 3.1.0.0)
No special credentials or authentication required

Remotely exploitableNo authentication requiredLow attack complexityNo fix available for all currently deployed versionsAffects energy and transportation critical infrastructureHigh CVSS score (8.1)

Exploitability

Some exploitation risk — EPSS score 1.0%

Affected products (7)

7 pending

ProductAffected VersionsFix Status

GWS: 3.1.0.03.1.0.0No fix yet

GWS: 2.0.0.0 and earlier≤ 2.0.0.0No fix yet

GWS: 2.2.0.02.2.0.0No fix yet

GWS: 2.3.0.02.3.0.0No fix yet

GWS: 2.1.0.02.1.0.0No fix yet

GWS: 3.0.0.03.0.0.0No fix yet

GWS: 2.4.0.02.4.0.0No fix yet

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImplement network segmentation: isolate the GWS and its connected field devices on a separate network segment, allowing only necessary communication ports through a firewall

HARDENINGRestrict network access to GWS to only authorized engineering workstations and control systems; block all internet-facing connections to the gateway

WORKAROUNDAvoid using GWS systems for internet access, email, or file transfers that could introduce malware

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade to GWS 3.2.0.0 or later when released and available from Hitachi Energy

Long-term hardening

0/1

HARDENINGMonitor GWS traffic for unexpected connections or eavesdropping attempts using network intrusion detection

CVEs (1)

CVE-2020-1968

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d7e06d9d-62cb-42ef-b60d-15f62ee66acf

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.