Baker Hughes Bently Nevada 3500 System Authentication Bypass by Capture-replay
Description
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05
contains a replay vulnerability which could allow an attacker to
replay older captured packets of traffic to the device to gain access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Bently Nevada 3500 TDI Firmware 5.05 replay vulnerability allows attackers to reuse captured packets to gain unauthorized device access.
Vulnerability
Bently Nevada 3500 System TDI Firmware version 5.05 contains an authentication bypass by capture-replay vulnerability (CWE-294). The device accepts out-of-sequence messages from older communications, allowing an attacker to replay previously captured packets [1].
Exploitation
An attacker with network access can capture legitimate traffic to the device and subsequently replay older packets without authentication (CVSS v3 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). No user interaction or special privileges are required [1].
Impact
Successful exploitation enables an attacker to bypass authentication, gain unauthorized access to the device, and potentially retrieve sensitive information stored on the system [1].
Mitigation
As of the advisory publication date (2023-10-18), Baker Hughes has not released a firmware update to address this vulnerability. Users are advised to contact Baker Hughes support for mitigation guidance and monitor CISA advisories for updates [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =5.05
- Baker Hughes - Bently Nevada/Bently Nevada 3500 System v5, Range: 5.05
Patches
No patches discovered yet.
References