1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Baker Hughes – Bently Nevada
- Equipment: Bently Nevada 3500 System
- Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Transmission of Sensitive Information, Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to steal sensitive information and gain access to the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of the Bently Nevada 3500 System, a real-time monitoring solution, are affected:
- Bently Nevada 3500 Rack (TDI Firmware): version 5.05
3.2 Vulnerability Overview
3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 has a vulnerability in its password retrieval functionality which could be used by an attacker to access passwords stored on the device.
CVE-2023-34437 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
3.2.2 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 authentication secrets, used with the Connect Password, are passed in cleartext with every request to the device. An attacker could steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.