CVE-2022-29952

26.07.2022, 22:15

Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 26%

Vendor	Product	Version
bakerhughes	bently_nevada_3701\/40_firmware	𝑥 < 4.1
bakerhughes	bently_nevada_3701\/44_firmware	𝑥 < 4.1
bakerhughes	bently_nevada_3701\/46_firmware	𝑥 < 4.1
bakerhughes	bently_nevada_60m100_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02

https://www.forescout.com/blog/

https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02

https://www.forescout.com/blog/