Vulnerabilities > Bakerhughes

DATE CVE VULNERABILITY TITLE RISK
2023-10-19 CVE-2023-34437 Unspecified vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.
network
low complexity
bakerhughes
7.5
2023-10-19 CVE-2023-34441 Cleartext Transmission of Sensitive Information vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.
network
low complexity
bakerhughes CWE-319
8.2
2023-10-19 CVE-2023-36857 Authentication Bypass by Capture-replay vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.
network
low complexity
bakerhughes CWE-294
6.5
2022-07-26 CVE-2022-29952 Missing Authentication for Critical Function vulnerability in Bakerhughes products
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication.
network
low complexity
bakerhughes CWE-306
critical
9.1
2022-07-26 CVE-2022-29953 Use of Hard-coded Credentials vulnerability in Bakerhughes products
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials.
network
low complexity
bakerhughes CWE-798
critical
9.8
2022-05-25 CVE-2021-32997 Unspecified vulnerability in Bakerhughes products
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No.
network
low complexity
bakerhughes
7.5