CVE-2022-29953
Description
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Bently Nevada 3700 series maintenance interface on port 4001/TCP has hardcoded credentials, allowing remote takeover.
Vulnerability
The Bently Nevada 3700 series condition monitoring equipment (models 3701/40, 3701/44, 3701/46, and 60M100) exposes a maintenance interface on TCP port 4001 with undocumented, hardcoded credentials stored in the firmware [1]. Affected versions: 3701/40, 3701/44, and 3701/46 prior to 4.1; all versions of the 60M100 (3701/60) [1]. The interface provides debug and process execution capabilities [1].
Exploitation
An attacker with network access to the maintenance interface on port 4001/TCP can connect using the hardcoded credentials; no authentication or user interaction is required [1]. Once connected, the attacker can issue commands through the debug and process execution functions [1]. The attack vector is remote, with low complexity (CVSS AV:N/AC:L) [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code, manipulate files, or cause a denial-of-service condition on the affected device [1]. The impact is high for integrity and availability (CVSS I:H/A:H), with no effect on confidentiality (C:N) [1]. The attacker gains full control over the maintenance functionality.
Mitigation
Bently Nevada has released version 4.1 for the 3701/40, 3701/44, and 3701/46 models to remove the hardcoded credentials [1]. The 60M100 (3701/60) remains affected with no fix mentioned in the references [1]. Users should apply the update for the fixed models and, for the 60M100, restrict network access to port 4001/TCP using firewalls or VLAN segmentation until a patch is available [1].
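One way to check that the port 4001/TCP restriction described above is holding, as an added example that is not part of the advisory or any vendor tooling. The device addresses, the allowed engineering subnet, and the flow-record format are constructed assumptions; substitute your own inventory and firewall log export.

```python
import ipaddress

MAINT_PORT = 4001  # maintenance interface port named in the advisory

# Assumptions (site-specific values constructed for this example):
MONITORS = {"10.20.5.11", "10.20.5.12"}                   # 3700-series device IPs
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.9.0/28")]  # engineering workstations

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto action"
SAMPLE_FLOWS = """\
2024-03-01T08:00:02Z 10.20.9.4 10.20.5.11 4001 tcp allow
2024-03-01T08:03:40Z 10.30.1.77 10.20.5.11 4001 tcp allow
2024-03-01T08:04:10Z 10.30.1.77 10.20.5.12 4001 tcp deny
2024-03-01T08:05:00Z 10.30.1.77 10.20.5.12 502 tcp allow
2024-03-01T08:06:00Z 192.0.2.50 10.20.5.12 4001 tcp allow
malformed line
"""

def audit_flows(text, monitors=MONITORS, allowed=ALLOWED_SOURCES):
    """Return (timestamp, src, dst, verdict) for every flow to the maintenance
    port of a monitored device that originates outside the allowed subnets."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records instead of failing the audit
        ts, src, dst, port, proto, action = parts
        if proto.lower() != "tcp" or port != str(MAINT_PORT) or dst not in monitors:
            continue
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue
        if any(src_ip in net for net in allowed):
            continue  # expected maintenance traffic
        # "allow" means the segmentation rule is missing or too broad;
        # "deny" means the rule works but something is probing the port.
        verdict = "exposed" if action.lower() == "allow" else "blocked-attempt"
        findings.append((ts, src, dst, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Any "exposed" result means the firewall or VLAN rule is not yet restricting the interface; this matters most for the 60M100, where the restriction is the only control the page lists.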
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Bently Nevada/3700
Patches
No patches discovered yet.
References
- www.cisa.gov/uscert/ics/advisories/icsa-22-188-02
- www.forescout.com/blog/