CVE-2023-34437 HIGH

CVE-2023-34437: Baker Hughes Bently Nevada 3500 System Incorrect Permission Assignment for Critical Resource

Vendor Baker Hughes - Bently Nevada
Product Bently Nevada 3500 System
Weakness CWE-732
Published October 18, 2023
Last update January 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device.

Key dates

02Disclosure timeline

October 18, 2023 CVE published
January 16, 2025 Record updated