CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
35.7%
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
Vendor | Product | Version | CPE |
---|---|---|---|
bakerhughes | bently_nevada_3701\/40_firmware | * | cpe:2.3:o:bakerhughes:bently_nevada_3701\/40_firmware:*:*:*:*:*:*:*:* |
bakerhughes | bently_nevada_3701\/40 | - | cpe:2.3:h:bakerhughes:bently_nevada_3701\/40:-:*:*:*:*:*:*:* |
bakerhughes | bently_nevada_3701\/44_firmware | * | cpe:2.3:o:bakerhughes:bently_nevada_3701\/44_firmware:*:*:*:*:*:*:*:* |
bakerhughes | bently_nevada_3701\/44 | - | cpe:2.3:h:bakerhughes:bently_nevada_3701\/44:-:*:*:*:*:*:*:* |
bakerhughes | bently_nevada_3701\/46_firmware | * | cpe:2.3:o:bakerhughes:bently_nevada_3701\/46_firmware:*:*:*:*:*:*:*:* |
bakerhughes | bently_nevada_3701\/46 | - | cpe:2.3:h:bakerhughes:bently_nevada_3701\/46:-:*:*:*:*:*:*:* |
bakerhughes | bently_nevada_60m100_firmware | - | cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-:*:*:*:*:*:*:* |
bakerhughes | bently_nevada_60m100 | - | cpe:2.3:h:bakerhughes:bently_nevada_60m100:-:*:*:*:*:*:*:* |