Baker Hughes Bently Nevada 3500
Plan Patch | 8.2 | ICS-CERT ICSA-21-231-02 | Aug 19, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Bently Nevada 3500 monitoring systems contain a weakness in how system credentials are stored. An attacker with network access to an affected 3500 device can extract stored passwords. The vulnerability affects multiple product variants: System 1 Part No. 3071/xx and 3072/xx (firmware ≤21.1 HF1), System 1 6.x Part No. 3060/00 (≤6.98), 3500/22M Firmware Part No. 288055-01 (≤5.05), and 3500 Rack Configuration Part No. 129133-01 (≤6.4).
What this means
What could happen
An attacker who gains network access to a Bently Nevada 3500 monitoring system could extract stored system credentials, potentially allowing them to access other critical equipment on the network or modify monitoring configurations.
Who's at risk
Water and electric utilities operating Bently Nevada 3500 machinery condition monitoring systems should prioritize this vulnerability. The 3500 platform is commonly used for bearing temperature, vibration, and blade eccentricity monitoring on rotating equipment like pumps, motors, and turbines. If compromised, an attacker could gain credentials to access or manipulate these critical sensors.
How it could be exploited
An attacker with network access to the 3500 device can extract stored passwords or credentials due to weak credential storage mechanisms. If the device is accessible from your engineering network or connected to System 1 software, credentials could be harvested and used to access other devices in the plant.
Prerequisites
- Network access to the 3500 device (port unspecified in advisory, likely HTTP/HTTPS or proprietary protocol)
- No authentication required to trigger credential access
- Device must be reachable from attacker's network position
remotely exploitable | no authentication required | low complexity | no patch available for older hardware versions | credential exposure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
2 with fix | 2 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| 3500 Rack Configuration Part No. 129133-01 | ≤ 6.4 | 6.6 or higher |
| System 1 Part No. 3071/xx & 3072/xx | ≤ 21.1 HF1 | 21.2 or higher |
| System 1 6.x Part No. 3060/00 | ≤ 6.98 | No fix (EOL) |
| 3500/22M Firmware Part No. 288055-01 | ≤ 5.05 | No fix (EOL) |
Remediation & Mitigation
Do now
HARDENING: Ensure 3500 devices are not accessible from the Internet; block inbound access from untrusted networks at the firewall
WORKAROUND: Use unique, strong passwords for each 3500 device and store credentials in a secure vault
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade 3500 Rack Configuration to version 6.6 or higher
HOTFIX: Upgrade System 1 software to version 21.2 or higher if your 3500 systems are integrated with System 1
Mitigations - no patch available
The following products have reached End of Life with no planned fix: System 1 6.x Part No. 3060/00 and 3500/22M Firmware Part No. 288055-01. Apply the following compensating controls:
HARDENING: Implement network segmentation: place all 3500 devices on a secured, isolated network segment separate from the engineering workstation network
CVEs (1)