N/A

Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.

N/A

N/A

Baker Hughes Bently Nevada 3701/40 访问控制错误漏洞

Baker Hughes Bently Nevada 3701/40是美国Baker Hughes公司的一种状态检测系统。 Bently Nevada 3701/4X 系列和 60M100 (3701/60) 版本中存在访问控制错误漏洞，该漏洞源于受影响的产品在固件中的维护接口凭据上具有硬编码，允许调试和进程执行功能，攻击者利用该漏洞可以文件操作、远程代码执行或导致拒绝服务。

N/A

N/A