8.2
CVE-2021-32997
- EPSS 0.31%
- Veröffentlicht 25.05.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:08:05
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginBaker Hughes Bently Nevada 3500 - Use of Password Hash with Insufficient Computational Effort
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bakerhughes ≫ Bentley Nevada 3500 System 1 6.X (3060/00) Firmware Version <= 6.98
Bakerhughes ≫ Bentley Nevada 3500 System 1 (3072/xx) Firmware Version < 21.1
Bakerhughes ≫ Bentley Nevada 3500 System 1 (3072/xx) Firmware Version21.1 Update-
Bakerhughes ≫ Bentley Nevada 3500 System 1 (3071/xx) Firmware Version < 21.1
Bakerhughes ≫ Bentley Nevada 3500 System 1 (3071/xx) Firmware Version21.1 Update-
Bakerhughes ≫ Bentley Nevada 3500/22m (288055-01) Firmware Version <= 5.05
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.22 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-916 Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
https://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02