SB2023092719 - Multiple vulnerabilities in Bently Nevada 3500

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023092719

SB2023092719 - Multiple vulnerabilities in Bently Nevada 3500

Published: September 27, 2023

Security Bulletin ID SB2023092719
Severity
Medium
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2023-34437)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the password retrieval functionality. A remote attacker can gain unauthorized access to sensitive information on the system.


2) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-34441)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.


3) Authentication Bypass by Capture-replay (CVE-ID: CVE-2023-36857)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References