Strix
26.1K

CVE-2023-34441

HIGHCVSS 8.2/10EPSS 0.24%

Last modified

CVE-2023-34441 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. . EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.

Metrics

CVSS 3.1
8.2/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Probability
0.24%

15.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
BakerhughesBentley Nevada 3500 System Firmware5.0.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-34441?
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.
How severe is CVE-2023-34441?
CVE-2023-34441 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2023-34441?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-34441?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST