CVE-2021-32997

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_6.x_\(3060\/00\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bakerhughes:bentley_nevada_3500_system_1_6.x_\(3060\/00\):-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3072\/xx\)_firmware::::::::
	cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3072\/xx\)_firmware:21.1:-::::::

cpe:2.3:h:bakerhughes:bentley_nevada_3500_system_1_\(3072\/xx\):-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3071\/xx\)_firmware::::::::
	cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3071\/xx\)_firmware:21.1:-::::::

cpe:2.3:h:bakerhughes:bentley_nevada_3500_system_1_\(3071\/xx\):-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:bakerhughes:bentley_nevada_3500\/22m_\(288055-01\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bakerhughes:bentley_nevada_3500\/22m_\(288055-01\):-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:bakerhughes:bentley_nevada_3500_rack_configuration_\(129133-01\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bakerhughes:bentley_nevada_3500_rack_configuration_\(129133-01\):-:*:*:*:*:*:*:*

History

14 Jun 2022, 13:43

Type	Values Removed	Values Added
CPE		cpe:2.3:h:bakerhughes:bentley_nevada_3500_system_1_\(3072\/xx\):-:::::::* cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3071\/xx\)_firmware:21.1:-:::::: cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_6.x_\(3060\/00\)_firmware:::::::: cpe:2.3:h:bakerhughes:bentley_nevada_3500_rack_configuration_\(129133-01\):-:::::::* cpe:2.3:h:bakerhughes:bentley_nevada_3500_system_1_6.x_\(3060\/00\):-:::::::* cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3072\/xx\)_firmware:21.1:-:::::: cpe:2.3:o:bakerhughes:bentley_nevada_3500\/22m_\(288055-01\)_firmware:::::::: cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3071\/xx\)_firmware:::::::: cpe:2.3:h:bakerhughes:bentley_nevada_3500_system_1_\(3071\/xx\):-:::::::* cpe:2.3:o:bakerhughes:bentley_nevada_3500_rack_configuration_\(129133-01\)_firmware:::::::: cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_1_\(3072\/xx\)_firmware:::::::: cpe:2.3:h:bakerhughes:bentley_nevada_3500\/22m_\(288055-01\):-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02 - Third Party Advisory, US Government Resource
First Time		Bakerhughes bentley Nevada 3500\/22m \(288055-01\) Firmware Bakerhughes bentley Nevada 3500\/22m \(288055-01\) Bakerhughes bentley Nevada 3500 Rack Configuration \(129133-01\) Bakerhughes bentley Nevada 3500 System 1 6.x \(3060\/00\) Firmware Bakerhughes bentley Nevada 3500 System 1 \(3071\/xx\) Firmware Bakerhughes bentley Nevada 3500 System 1 \(3072\/xx\) Bakerhughes Bakerhughes bentley Nevada 3500 System 1 \(3071\/xx\) Bakerhughes bentley Nevada 3500 System 1 \(3072\/xx\) Firmware Bakerhughes bentley Nevada 3500 System 1 6.x \(3060\/00\) Bakerhughes bentley Nevada 3500 Rack Configuration \(129133-01\) Firmware

25 May 2022, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-25 14:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-32997

Mitre link : CVE-2021-32997

CVE.ORG link : CVE-2021-32997

JSON object : View

Products Affected

bakerhughes

bentley_nevada_3500_system_1_\(3071\/xx\)
bentley_nevada_3500\/22m_\(288055-01\)
bentley_nevada_3500_rack_configuration_\(129133-01\)_firmware
bentley_nevada_3500\/22m_\(288055-01\)_firmware
bentley_nevada_3500_system_1_6.x_\(3060\/00\)
bentley_nevada_3500_system_1_6.x_\(3060\/00\)_firmware
bentley_nevada_3500_system_1_\(3072\/xx\)_firmware
bentley_nevada_3500_system_1_\(3071\/xx\)_firmware
bentley_nevada_3500_rack_configuration_\(129133-01\)
bentley_nevada_3500_system_1_\(3072\/xx\)

CWE

CWE-916

Use of Password Hash With Insufficient Computational Effort

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-32997

7.5^/10

5.0^/10

Attach tags to `CVE-2021-32997`