CVE-2023-34441 MEDIUM

CVE-2023-34441: Baker Hughes Bently Nevada 3500 System Cleartext Transmission of Sensitive Information

Vendor Baker Hughes - Bently Nevada
Product Bently Nevada 3500 System
Weakness CWE-319 · Cleartext transmission
Published October 18, 2023
Last update September 11, 2024

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.

Key dates

02Disclosure timeline

October 18, 2023 CVE published
September 11, 2024 Record updated