ICSA-21-231-02
·
Published 2022-02-24
·
View on CISA ICS-CERT ↗
Baker Hughes Bently Nevada 3500
CVSS 8.2
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow an attacker access to system credentials.
CVEs (1)
Remediations
- To address this vulnerability, Bently Nevada recommends users obtain 3500 Rack Configuration Version 6.6 or higher from Bently Nevada, which now includes a feature to set enhanced password security. For users that have their 3500 System(s) connected to Bently Nevada's System 1 software, enhanced password security is supported for System 1 Version 21.2 and higher. Using enhanced password security on the 3500 system will break communications with any earlier version of System 1 below Version 21.2
- Use a unique password for each device.
- Only install affected devices on a secured network.
- Bently Nevada product users with a valid Maintenance & Support Agreement may submit questions to Bently Nevada.
Affected Vendors
Bently Nevada, Baker Hughes
Affected Products (4)
Bently Nevada, Baker Hughes
·
System 1 Part No. 3071/xx & 3072/xx
<= 21.1 HF1
Bently Nevada, Baker Hughes
·
System 1 6.x Part No. 3060/00
<= 6.98
Bently Nevada, Baker Hughes
·
3500/22M Firmware Part No. 288055-01
<= 5.05
Bently Nevada, Baker Hughes
·
3500 Rack Configuration Part No. 129133-01
<= 6.4
Affected Sectors
Critical Manufacturing, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more