Main Vulnerability Database Vulnerabilities #VU794

Improper authorization in GE Bently Nevada 3500/22M - CVE-2016-5788

Published: October 6, 2016 / Updated: October 7, 2016

Vulnerability identifier: #VU794

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-5788

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GE Bently Nevada 3500/22M

Software vendor:
Bently Nevada

Description

The vulnerability allows a remote unauthenticated user to obtain elevated privileges.

The vulnerability exists due to presence of several open ports on the device, which allow unauthenticated attacker to gain privileged access. A remote attacker can connect to the device and perform certain actions as legitimate user.

Successful exploitation of this vulnerability results in malicious user's unauthorized access to the affected device with elevated privileges.

Remediation

Update your firmware to version 5.0.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01

Improper authorization in GE Bently Nevada 3500/22M - CVE-2016-5788

Description

Remediation

External links

Please verify you're human