ICSA-22-188-02 · Published 2022-07-07
Bently Nevada ADAPT 3701/4X Series and 60M100
CVSS 9.1 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow file manipulation, remote code execution, or cause a denial-of-service condition.
CVEs (2)
Remediations
- Bently Nevada recommends that users upgrade the 3701/4x series to Version 4.1.1712.0601 or higher, which has the diagnostics port disabled and the hardcoded credentials removed from the firmware image.
- On the Bently Nevada 60M100, Ethernet Port B is the diagnostics port, where Port 4001/TCP is enabled; it should not be connected during normal operation. The 3701/60 is approaching end-of-life status, and users are encouraged to upgrade to the 60M100.
- For support information, users should contact the Bently Nevada technical support team by email, by phone (+1 775-215-1818), or through the Bently Nevada Support website (login required).
Affected Vendors
Bently Nevada, Baker Hughes
Affected Products (4)
- Bently Nevada, Baker Hughes · Bently Nevada 3701/40 · < 4.1
- Bently Nevada, Baker Hughes · Bently Nevada 3701/44 · < 4.1
- Bently Nevada, Baker Hughes · Bently Nevada 3701/46 · < 4.1
- Bently Nevada, Baker Hughes · Bently Nevada 60M100 (3701/60) · vers:all/*
Affected Sectors
Multiple Sectors