Vulnerabilities (CVE)

Filtered by vendor Bakerhughes Subscribe
Filtered by product Bently Nevada 3701\/40
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29953 1 Bakerhughes 8 Bently Nevada 3701\/40, Bently Nevada 3701\/40 Firmware, Bently Nevada 3701\/44 and 5 more 2024-11-21 N/A 9.8 CRITICAL
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.
CVE-2022-29952 1 Bakerhughes 8 Bently Nevada 3701\/40, Bently Nevada 3701\/40 Firmware, Bently Nevada 3701\/44 and 5 more 2024-11-21 N/A 9.1 CRITICAL
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.