Vulnerability-Lookup

CVE-2022-29953 (GCVE-0-2022-29953)

Vulnerability from cvelistv5 – Published: 2022-07-26 21:42 – Updated: 2024-08-03 06:33

Summary

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.forescout.com/blog/	x_refsource_MISC
	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:33:43.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.forescout.com/blog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-26T21:42:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.forescout.com/blog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29953",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.forescout.com/blog/",
              "refsource": "MISC",
              "url": "https://www.forescout.com/blog/"
            },
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29953",
    "datePublished": "2022-07-26T21:42:30",
    "dateReserved": "2022-04-29T00:00:00",
    "dateUpdated": "2024-08-03T06:33:43.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bakerhughes:bently_nevada_3701\\\\/40_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1\", \"matchCriteriaId\": \"0D92B5C5-BA42-4F57-843D-AE5CCD018755\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bakerhughes:bently_nevada_3701\\\\/40:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43F3A6C3-FAFA-4798-A861-280C86C86792\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bakerhughes:bently_nevada_3701\\\\/44_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1\", \"matchCriteriaId\": \"DE58522B-45F7-43DE-B30C-803238E24CF6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bakerhughes:bently_nevada_3701\\\\/44:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55145ED4-ABB2-4ABF-815F-D7B9F93B2FB0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bakerhughes:bently_nevada_3701\\\\/46_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1\", \"matchCriteriaId\": \"2C076FF4-8D1E-4370-BF9E-91056543F423\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bakerhughes:bently_nevada_3701\\\\/46:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5182FFD7-A4A2-4E81-907E-F25EA9EA6251\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"268F94F1-8636-4A4C-8821-87C55CC1458D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bakerhughes:bently_nevada_60m100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B43A4AA-BDFD-4AD1-80BF-686F8F8D517C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.\"}, {\"lang\": \"es\", \"value\": \"La serie de equipos de monitorizaci\\u00f3n de condiciones Bently Nevada 3700 hasta 29-04-2022, presenta una interfaz de mantenimiento en el puerto 4001/TCP con credenciales no documentadas y embebidas. Un atacante capaz de conectarse a esta interfaz puede, por lo tanto, tomar trivialmente su funcionalidad.\"}]",
      "id": "CVE-2022-29953",
      "lastModified": "2024-11-21T07:00:03.370",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-07-26T22:15:10.883",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.forescout.com/blog/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.forescout.com/blog/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-29953\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-07-26T22:15:10.883\",\"lastModified\":\"2024-11-21T07:00:03.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.\"},{\"lang\":\"es\",\"value\":\"La serie de equipos de monitorizaci\u00f3n de condiciones Bently Nevada 3700 hasta 29-04-2022, presenta una interfaz de mantenimiento en el puerto 4001/TCP con credenciales no documentadas y embebidas. Un atacante capaz de conectarse a esta interfaz puede, por lo tanto, tomar trivialmente su funcionalidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bakerhughes:bently_nevada_3701\\\\/40_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1\",\"matchCriteriaId\":\"0D92B5C5-BA42-4F57-843D-AE5CCD018755\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bakerhughes:bently_nevada_3701\\\\/40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43F3A6C3-FAFA-4798-A861-280C86C86792\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bakerhughes:bently_nevada_3701\\\\/44_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1\",\"matchCriteriaId\":\"DE58522B-45F7-43DE-B30C-803238E24CF6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bakerhughes:bently_nevada_3701\\\\/44:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55145ED4-ABB2-4ABF-815F-D7B9F93B2FB0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bakerhughes:bently_nevada_3701\\\\/46_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1\",\"matchCriteriaId\":\"2C076FF4-8D1E-4370-BF9E-91056543F423\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bakerhughes:bently_nevada_3701\\\\/46:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5182FFD7-A4A2-4E81-907E-F25EA9EA6251\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"268F94F1-8636-4A4C-8821-87C55CC1458D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bakerhughes:bently_nevada_60m100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B43A4AA-BDFD-4AD1-80BF-686F8F8D517C\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.forescout.com/blog/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.forescout.com/blog/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2022-29953

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-29953

Aliases

CVE-2022-29953

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29953",
    "description": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.",
    "id": "GSD-2022-29953"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29953"
      ],
      "details": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.",
      "id": "GSD-2022-29953",
      "modified": "2023-12-13T01:19:41.905882Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-29953",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.forescout.com/blog/",
            "refsource": "MISC",
            "url": "https://www.forescout.com/blog/"
          },
          {
            "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/40_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0D92B5C5-BA42-4F57-843D-AE5CCD018755",
                    "versionEndExcluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/40:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "43F3A6C3-FAFA-4798-A861-280C86C86792",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/44_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DE58522B-45F7-43DE-B30C-803238E24CF6",
                    "versionEndExcluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/44:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "55145ED4-ABB2-4ABF-815F-D7B9F93B2FB0",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/46_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2C076FF4-8D1E-4370-BF9E-91056543F423",
                    "versionEndExcluding": "4.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/46:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5182FFD7-A4A2-4E81-907E-F25EA9EA6251",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "268F94F1-8636-4A4C-8821-87C55CC1458D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_60m100:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3B43A4AA-BDFD-4AD1-80BF-686F8F8D517C",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality."
          },
          {
            "lang": "es",
            "value": "La serie de equipos de monitorizaci\u00f3n de condiciones Bently Nevada 3700 hasta 29-04-2022, presenta una interfaz de mantenimiento en el puerto 4001/TCP con credenciales no documentadas y embebidas. Un atacante capaz de conectarse a esta interfaz puede, por lo tanto, tomar trivialmente su funcionalidad."
          }
        ],
        "id": "CVE-2022-29953",
        "lastModified": "2024-02-13T15:56:40.490",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-07-26T22:15:10.883",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mitigation",
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.forescout.com/blog/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-798"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ICSA-22-188-02

Vulnerability from csaf_cisa - Published: 2022-07-07 00:00 - Updated: 2022-07-07 00:00

Summary

Bently Nevada ADAPT 3701/4X Series and 60M100

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow file manipulation, remote code execution, or cause a denial-of-service condition.

Critical infrastructure sectors

Multiple Sectors

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Daniel dos Santos",
          "Jos Wetzels"
        ],
        "organization": "Forescout Technologies",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow file manipulation, remote code execution, or cause a denial-of-service condition.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Multiple Sectors",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-188-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-188-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-22-188-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-188-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-188-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "Bently Nevada ADAPT 3701/4X Series and 60M100",
    "tracking": {
      "current_release_date": "2022-07-07T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-22-188-02",
      "initial_release_date": "2022-07-07T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2022-07-07T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.1",
                "product": {
                  "name": "Bently Nevada 3701/40: All versions prior to 4.1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Bently Nevada 3701/40"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.1",
                "product": {
                  "name": "Bently Nevada 3701/44: All versions prior to 4.1",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Bently Nevada 3701/44"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.1",
                "product": {
                  "name": "Bently Nevada 3701/46: All versions prior to 4.1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Bently Nevada 3701/46"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "Bently Nevada 60M100 (3701/60): All versions",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Bently Nevada 60M100 (3701/60)"
          }
        ],
        "category": "vendor",
        "name": "Bently Nevada, Baker Hughes"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-29953",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product has credentials for the maintenance interface hardcoded in the firmware. The maintenance interface allows for debug and process execution capabilities, which could allow remote code execution or cause a denial-of-service condition.CVE-2022-29953 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29953"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Bently Nevada recommend users upgrade 3701/4x series to Version 4.1.1712.0601 or higher, which has the diagnostics port disabled and the hardcoded credentials removed from the firmware image.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://bntechsupport.com/"
        },
        {
          "category": "mitigation",
          "details": "Bently Nevada 60M100 Ethernet Port B, which is for diagnostics where Port 4001/TCP is enabled, should not be connected during normal operation. The 3701/60 is approaching end-of-life status and users are encouraged to upgrade to 60M100.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "For support information, users should contact the Bently Nevada technical support team by email, phone (+1 775-215-1818), or website at Bently Nevada Support (login required).",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "mailto:bentlysupport@bakerhughes.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-29952",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product uses protocols to provide configuration management and historical data related functionality without any authentication features, which may allow an attacker to read or write files on the controllers or cause a denial-of-service condition.CVE-2022-29952 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29952"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Bently Nevada recommend users upgrade 3701/4x series to Version 4.1.1712.0601 or higher, which has the diagnostics port disabled and the hardcoded credentials removed from the firmware image.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://bntechsupport.com/"
        },
        {
          "category": "mitigation",
          "details": "Bently Nevada 60M100 Ethernet Port B, which is for diagnostics where Port 4001/TCP is enabled, should not be connected during normal operation. The 3701/60 is approaching end-of-life status and users are encouraged to upgrade to 60M100.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "For support information, users should contact the Bently Nevada technical support team by email, phone (+1 775-215-1818), or website at Bently Nevada Support (login required).",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "mailto:bentlysupport@bakerhughes.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

GHSA-Q25F-HC6J-2JPW

Vulnerability from github – Published: 2022-07-27 00:00 – Updated: 2024-02-13 18:38

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-29953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-26T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.",
  "id": "GHSA-q25f-hc6j-2jpw",
  "modified": "2024-02-13T18:38:22Z",
  "published": "2022-07-27T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29953"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
    },
    {
      "type": "WEB",
      "url": "https://www.forescout.com/blog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-29953

Vulnerability from fkie_nvd - Published: 2022-07-26 22:15 - Updated: 2024-11-21 07:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02	Mitigation, Third Party Advisory, US Government Resource
cve@mitre.org	https://www.forescout.com/blog/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.forescout.com/blog/	Third Party Advisory

Impacted products

Vendor	Product	Version
bakerhughes	bently_nevada_3701\/40_firmware	*
bakerhughes	bently_nevada_3701\/40	-
bakerhughes	bently_nevada_3701\/44_firmware	*
bakerhughes	bently_nevada_3701\/44	-
bakerhughes	bently_nevada_3701\/46_firmware	*
bakerhughes	bently_nevada_3701\/46	-
bakerhughes	bently_nevada_60m100_firmware	-
bakerhughes	bently_nevada_60m100	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D92B5C5-BA42-4F57-843D-AE5CCD018755",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F3A6C3-FAFA-4798-A861-280C86C86792",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/44_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE58522B-45F7-43DE-B30C-803238E24CF6",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/44:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55145ED4-ABB2-4ABF-815F-D7B9F93B2FB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_3701\\/46_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C076FF4-8D1E-4370-BF9E-91056543F423",
              "versionEndExcluding": "4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_3701\\/46:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5182FFD7-A4A2-4E81-907E-F25EA9EA6251",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bakerhughes:bently_nevada_60m100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "268F94F1-8636-4A4C-8821-87C55CC1458D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bakerhughes:bently_nevada_60m100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B43A4AA-BDFD-4AD1-80BF-686F8F8D517C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality."
    },
    {
      "lang": "es",
      "value": "La serie de equipos de monitorizaci\u00f3n de condiciones Bently Nevada 3700 hasta 29-04-2022, presenta una interfaz de mantenimiento en el puerto 4001/TCP con credenciales no documentadas y embebidas. Un atacante capaz de conectarse a esta interfaz puede, por lo tanto, tomar trivialmente su funcionalidad."
    }
  ],
  "id": "CVE-2022-29953",
  "lastModified": "2024-11-21T07:00:03.370",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-26T22:15:10.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/blog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-188-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/blog/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-29953 (GCVE-0-2022-29953)

GSD-2022-29953

ICSA-22-188-02

GHSA-Q25F-HC6J-2JPW

FKIE_CVE-2022-29953

Tags

Sightings

Nomenclature