CVE-2023-36857
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05
contains a replay vulnerability which could allow an attacker to
replay older captured packets of traffic to the device to gain access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Baker Hughes - Bently Nevada | Bently Nevada 3500 System | 5.05 | affected |
Weaknesses
- CWE-294: CWE-294 Authentication Bypass by Capture-replay
Workarounds
Baker Hughes – Bently Nevada recommends that users follow their hardening guidelines to reduce the risk of exploitation. Customers who have registered for access to Baker Hughes DAM may directly access the hardening guideline at https://dam.bakerhughes.com/media/?mediaId=32F7FC2F-9F22-4C69-BB847565B7834D08 https://dam.bakerhughes.com/media/ .For customers that do not have access to Baker Hughes DAM may send an email to bentlysupport@bakerhughes.com to request document 106M9733.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.