CVE-2023-34441

Summary

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05

contains a cleartext transmission vulnerability which could allow an attacker to

steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.

Affected Software

VendorProductVersion RangeStatus
Baker Hughes - Bently NevadaBently Nevada 3500 System5.05affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

Workarounds

Baker Hughes – Bently Nevada recommends that users follow their hardening guidelines to reduce the risk of exploitation. Customers who have registered for access to Baker Hughes DAM may directly access the hardening guideline at https://dam.bakerhughes.com/media/?mediaId=32F7FC2F-9F22-4C69-BB847565B7834D08 https://dam.bakerhughes.com/media/ .For customers that do not have access to Baker Hughes DAM may send an email to bentlysupport@bakerhughes.com to request document 106M9733.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References