CVE-2022-29952

Name of the Vulnerable Software and Affected Versions Bently Nevada condition monitoring equipment through 2022-04-29

Description The issue is related to the mishandling of authentication in Bently Nevada condition monitoring equipment. It utilizes the TDI command and data protocols for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke desired functionality. The protocols use ports 60005/TCP and 60007/TCP.

Recommendations For Bently Nevada condition monitoring equipment through 2022-04-29, consider restricting access to ports 60005/TCP and 60007/TCP to minimize the risk of exploitation. As a temporary workaround, consider disabling the TDI command and data protocols until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.