CVE-2023-36857 MEDIUM

CVE-2023-36857: Baker Hughes Bently Nevada 3500 System Authentication Bypass by Capture-replay

Vendor Baker Hughes - Bently Nevada
Product Bently Nevada 3500 System
Weakness CWE-294
Published October 18, 2023
Last update January 16, 2025

CVSS base score

5.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.

Key dates

02Disclosure timeline

October 18, 2023 CVE published
January 16, 2025 Record updated