9.1
CVE-2022-29952
- EPSS 0.27%
- Veröffentlicht 26.07.2022 22:15:10
- Zuletzt bearbeitet 21.11.2024 07:00:03
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bakerhughes ≫ Bently Nevada 3701/40 Firmware Version < 4.1
Bakerhughes ≫ Bently Nevada 3701/44 Firmware Version < 4.1
Bakerhughes ≫ Bently Nevada 3701/46 Firmware Version < 4.1
Bakerhughes ≫ Bently Nevada 60m100 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.505 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.