Aggregates CVE and security vulnerability intelligence across all bakerhughes-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-36857 | Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | [email protected] | 5.4 | 0.31% | 2023-10-18 | 2026-06-17 |
| CVE-2023-34441 | Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. | [email protected] | 6.8 | 0.24% | 2023-10-18 | 2026-06-17 |
| CVE-2023-34437 | Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | [email protected] | 7.5 | 0.46% | 2023-10-18 | 2026-06-17 |
| CVE-2022-29953 | The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality. | [email protected] | 9.8 | 0.81% | 2022-07-26 | 2026-06-17 |
| CVE-2022-29952 | Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in questi | [email protected] | 9.1 | 0.86% | 2022-07-26 | 2026-06-17 |
| CVE-2021-32997 | The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | [email protected] | 8.2 | 0.31% | 2022-05-25 | 2026-06-16 |