Baker Hughes Bently Nevada 3500 System Cleartext Transmission of Sensitive Information
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05
contains a cleartext transmission vulnerability which could allow an attacker to
steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
Version
Base score
Base severity
Vector
3.1
6.8
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Version:3.1
Base score:6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Baker Hughes – Bently Nevada recommends that users follow their
hardening guidelines to reduce the risk of exploitation. Customers who
have registered for access to Baker Hughes DAM may directly access the
hardening guideline at https://dam.bakerhughes.com/media/?mediaId=32F7FC2F-9F22-4C69-BB847565B7834D08 https://dam.bakerhughes.com/media/ .For customers that do not have access to Baker Hughes DAM may send an email to bentlysupport@bakerhughes.com to request document 106M9733.