Description
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected products
- Bentley Nevada, a Baker Hughes subsidiary / 3500/22M Firmware, Part No. 288055-01All – 5.05
- Bentley Nevada, a Baker Hughes subsidiary / 3500 Rack Configuration, Part No. 129133-01All – 6.4
- Bentley Nevada, a Baker Hughes subsidiary / 3500 System 1 6.x, Part No. 3060/00All – 6.98
- Bentley Nevada, a Baker Hughes subsidiary / 3500 System 1, Part No. 3071/xx & 3072/xxAll – 21.1 HF1
References
- VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02