CVE-2022-29953

Name of the Vulnerable Software and Affected Versions Bently Nevada 3700 series versions through 2022-04-29

Description The issue is related to the use of hardcoded credentials in the maintenance interface of the Bently Nevada 3700 series. This interface is accessible on port 4001/TCP. An attacker who can connect to this interface can easily take control of its functionality, potentially allowing for remote code execution. The maintenance interface has undocumented, hardcoded credentials, which can be exploited by an attacker to gain control.

Recommendations For Bently Nevada 3700 series versions through 2022-04-29, consider disabling the maintenance interface on port 4001/TCP until a patch or fix is available to prevent potential exploitation. Restrict access to this interface to minimize the risk of unauthorized access. As a temporary workaround, limit connections to the maintenance interface to only trusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.