Undocumented Hardcoded Credentials in Bently Nevada 3700 Series: Critical Vulnerability

CVE-2022-29953 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.
