Vulnerability Details CVE-2022-29953
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-29953
-
cpe:2.3:h:bakerhughes:bently_nevada_3701/40:-
-
cpe:2.3:h:bakerhughes:bently_nevada_3701/44:-
-
cpe:2.3:h:bakerhughes:bently_nevada_3701/46:-
-
cpe:2.3:h:bakerhughes:bently_nevada_60m100:-
-
cpe:2.3:o:bakerhughes:bently_nevada_3701/40_firmware:-
-
cpe:2.3:o:bakerhughes:bently_nevada_3701/44_firmware:-
-
cpe:2.3:o:bakerhughes:bently_nevada_3701/46_firmware:-
-
cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-