CVE DATABASE / CVE-2022-29953
CVE-2022-29953
CVSS 9.8 · CRITICAL
Summary
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Bakerhughes bently nevada 3701\/40 firmwareBakerhughes bently nevada 3701\/40Bakerhughes bently nevada 3701\/44 firmwareBakerhughes bently nevada 3701\/44Bakerhughes bently nevada 3701\/46 firmwareBakerhughes bently nevada 3701\/46Bakerhughes bently nevada 60m100 firmwareBakerhughes bently nevada 60m100
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.