CVE-2021-32997 HIGH

CVE-2021-32997: Baker Hughes Bently Nevada 3500 - Use of Password Hash with Insufficient Computational Effort

Vendor Bentley Nevada, A Baker Hughes Subsidiary
Product 3500 System 1 6.x, Part No. 3060/00
Weakness CWE-916
Published May 25, 2022
Last update April 16, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

Key dates

02Disclosure timeline

May 25, 2022 CVE published
April 16, 2025 Record updated