Bently Nevada 3701/46 Firmware

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:o:bakerhughes:bently_nevada_3701\/46_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

VendorBakerhughes (ce74d102-fdc2-545e-9faf-00be423aec47)
ProductBently Nevada 3701/46 Firmware (68800e53-faaa-5728-896b-0eb50c89c69d)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-29953 vulnerable 2026-06-03 14:46:59.881606 Details available
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.
Published: 2022-07-26T21:42:30.000Z
Updated: 2024-08-03T06:33:43.195Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-29952 vulnerable 2026-06-03 14:46:59.879355 Details available
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
Published: 2022-07-26T21:42:17.000Z
Updated: 2024-08-03T06:33:43.189Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.