Vulnerabilities > Bakerhughes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-19 | CVE-2023-34437 | Information Exposure vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | 7.5 |
| 2023-10-19 | CVE-2023-34441 | Cleartext Transmission of Sensitive Information vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. | 8.2 |
| 2023-10-19 | CVE-2023-36857 | Authentication Bypass by Capture-replay vulnerability in Bakerhughes Bentley Nevada 3500 System Firmware 5.0.5 Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | 6.5 |
| 2022-07-26 | CVE-2022-29952 | Missing Authentication for Critical Function vulnerability in Bakerhughes products Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. | 9.1 |
| 2022-07-26 | CVE-2022-29953 | Use of Hard-coded Credentials vulnerability in Bakerhughes products The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. | 9.8 |
| 2022-05-25 | CVE-2021-32997 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bakerhughes products The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. | 5.0 |