CVE-2022-29952 - OpenCVE

Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bakerhughes	Bently Nevada 3701\/46 Bently Nevada 60m100 Bently Nevada 3701\/40 Firmware Bently Nevada 3701\/46 Firmware Bently Nevada 3701\/44 Firmware Bently Nevada 3701\/40 Bently Nevada 60m100 Firmware Bently Nevada 3701\/44

Configuration 1 [-]

AND

cpe:2.3:o:bakerhughes:bently_nevada_3701\/40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bakerhughes:bently_nevada_3701\/40:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:bakerhughes:bently_nevada_3701\/44_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bakerhughes:bently_nevada_3701\/44:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:bakerhughes:bently_nevada_3701\/46_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bakerhughes:bently_nevada_3701\/46:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bakerhughes:bently_nevada_60m100:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02	Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-26T21:42:17

Updated: 2022-07-26T21:42:17

Reserved: 2022-04-29T00:00:00

Link: CVE-2022-29952

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-26T22:15:10.843

Modified: 2024-02-09T03:16:01.237

Link: CVE-2022-29952

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-26T21:42:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.forescout.com/blog/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-29952", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.forescout.com/blog/", "refsource": "MISC", "url": "https://www.forescout.com/blog/"}, {"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29952", "datePublished": "2022-07-26T21:42:17", "dateReserved": "2022-04-29T00:00:00", "dateUpdated": "2022-07-26T21:42:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D92B5C5-BA42-4F57-843D-AE5CCD018755", "versionEndExcluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/40:-:*:*:*:*:*:*:*", "matchCriteriaId": "43F3A6C3-FAFA-4798-A861-280C86C86792", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/44_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE58522B-45F7-43DE-B30C-803238E24CF6", "versionEndExcluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/44:-:*:*:*:*:*:*:*", "matchCriteriaId": "55145ED4-ABB2-4ABF-815F-D7B9F93B2FB0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/46_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C076FF4-8D1E-4370-BF9E-91056543F423", "versionEndExcluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/46:-:*:*:*:*:*:*:*", "matchCriteriaId": "5182FFD7-A4A2-4E81-907E-F25EA9EA6251", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "268F94F1-8636-4A4C-8821-87C55CC1458D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bakerhughes:bently_nevada_60m100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B43A4AA-BDFD-4AD1-80BF-686F8F8D517C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality."}, {"lang": "es", "value": "El equipo de monitoreo de condiciones de Bently Nevada versiones hasta 29-04-2022, maneja inapropiadamente la autenticaci\u00f3n. Usa los protocolos de comandos y datos TDI (60005/TCP, 60007/TCP) para las comunicaciones entre el controlador de monitorizaci\u00f3n y el Sistema 1 y/o el software Bently Nevada Monitor Configuration (BNMC). Estos protocolos proporcionan la administraci\u00f3n de la configuraci\u00f3n y la funcionalidad relacionada con los datos hist\u00f3ricos. Ninguno de los dos protocolos presenta caracter\u00edsticas de autenticaci\u00f3n, permitiendo a cualquier atacante capaz de comunicarse con los puertos en cuesti\u00f3n invocar (un subconjunto de) la funcionalidad deseada."}], "id": "CVE-2022-29952", "lastModified": "2024-02-09T03:16:01.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-26T22:15:10.843", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.forescout.com/blog/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}