NIST Advisory CVE-2022-2274 - OpenSSL 3.0.4 Vulnerability - How are Software Toolbox Products Affected?
The National Institute of Standards and Technology (NIST) has identified a vulnerability pertaining to the RSA implementation for x86_64 CPUs supporting the AVX512IFMA instructions. Does this affect Software Toolbox Products?
Reference IDs
NIST: CVE-2022-2274
Full details are available on the NIST National Vulnerability Database (CVE-2022-2274).
The CVE-2022-2274 vulnerability affects OpenSSL 3.0.4 running on x64 systems with Intel’s Advanced Vector Extensions 512 (AVX512). On such machines the RSA implementation with 2048-bit private keys is incorrect, and memory corruption will happen during the computation. A malicious attacker may be able to trigger remote code execution on the affected machine performing the computation.
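A host-level check for the three conditions described above (OpenSSL 3.0.4, an x64 CPU, AVX512IFMA support), as an added example that is not Software Toolbox or OpenSSL code. It assumes a Linux host, where the CPU flag appears as `avx512ifma` in `/proc/cpuinfo`; the function names and sample strings are constructed for illustration.

```python
import platform
import re
import subprocess

AFFECTED = (3, 0, 4)  # the only OpenSSL release the advisory names

# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION = "OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)"
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu sse2 avx2 avx512f avx512ifma\n"


def library_version(version_output):
    """Parse `openssl version` output into (major, minor, patch), or None.

    OpenSSL 3.x prints the tool version and then the loaded library version.
    The library performs the RSA computation, so the last match wins.
    """
    found = re.findall(r"OpenSSL (\d+)\.(\d+)\.(\d+)", version_output)
    return tuple(int(n) for n in found[-1]) if found else None


def has_avx512ifma(cpuinfo_text):
    """True if a 'flags' line of Linux /proc/cpuinfo lists avx512ifma."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "avx512ifma" in value.split():
            return True
    return False


def exposed(version_output, machine, cpuinfo_text):
    """All three conditions from the advisory must hold at once."""
    return (library_version(version_output) == AFFECTED
            and machine.lower() in ("x86_64", "amd64")
            and has_avx512ifma(cpuinfo_text))


if __name__ == "__main__":
    try:
        version = subprocess.run(["openssl", "version"], capture_output=True,
                                 text=True, check=True).stdout
        with open("/proc/cpuinfo") as fh:
            cpuinfo = fh.read()
    except (OSError, subprocess.CalledProcessError) as err:
        raise SystemExit(f"cannot collect host data: {err}")
    print("exposed" if exposed(version, platform.machine(), cpuinfo)
          else "not exposed")
```

This inspects only the `openssl` binary on the PATH and the library it loads; an application that ships its own OpenSSL copy has to be checked against that copy.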
Software Toolbox has determined whether the CVE-2022-2274 vulnerability affects the following products:
NOT AFFECTED
- TOP Server
- OmniServer
- SLIK-DA
- Cogent DataHub
- OPC Data Client
- OPC Data Logger (OpenSSL is not used in this product)
- OPC Router
We are currently gathering additional data on our other products and will update this notice accordingly. Please refer to our page on Current OpenSSL Usage in our Products.
We strongly recommend that users have an active support & maintenance agreement for their industrial control software and keep their systems on current versions, in keeping with their company's cybersecurity standards and NIST and other global cybersecurity best practices. Current versions of Software Toolbox Products are available from our products website.
If you have a question regarding this advisory, please open a support ticket.