nvd-json-data-feeds/CVE-2023/CVE-2023-368xx/CVE-2023-36857.json

{
  "id": "CVE-2023-36857",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2023-10-19T00:15:16.203",
  "lastModified": "2023-10-25T14:28:53.610",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "\n\n\nBaker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains\u00a0a replay vulnerability which could allow an attacker to \n\n\n\nreplay older captured packets of traffic to the device to gain access.\n\n\n\n"
    },
    {
      "lang": "es",
      "value": "Baker Hughes en Bently Nevada 3500 System TDI Firmware versi\u00f3n 5.05 contiene una vulnerabilidad de reproducci\u00f3n que podr\u00eda permitir a un atacante reproducir paquetes de tr\u00e1fico capturados m\u00e1s antiguos en el dispositivo para obtener acceso."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5
      },
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-294"
        }
      ]
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-294"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9329A00C-D768-442F-9CDE-0027886D9F3E"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:bakerhughes:bentley_nevada_3500_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE17D85-8ABE-45B6-9FFB-66B74CCFF1CD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}