CVE-2021-32997 — HIGH (8.2)

Q: How severe is CVE-2021-32997?

CVE-2021-32997 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-32997?

Check the references section above for vendor advisories and patch information. Affected products include: Bakerhughes Bentley Nevada 3500 System 1 6.X \(3060\/00\) Firmware, Bakerhughes Bentley Nevada 3500 System 1 6.X \(3060\/00\), Bakerhughes Bentley Nevada 3500 System 1 \(3072\/Xx\) Firmware, Bakerhughes Bentley Nevada 3500 System 1 \(3072\/Xx\), Bakerhughes Bentley Nevada 3500 System 1 \(3071\/Xx\) Firmware.

Vulnerability Description

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Bakerhughes	Bentley Nevada 3500 System 1 6.X \(3060\/00\) Firmware	<= 6.98
Bakerhughes	Bentley Nevada 3500 System 1 6.X \(3060\/00\)	-
Bakerhughes	Bentley Nevada 3500 System 1 \(3072\/Xx\) Firmware	< 21.1
Bakerhughes	Bentley Nevada 3500 System 1 \(3072\/Xx\)	-
Bakerhughes	Bentley Nevada 3500 System 1 \(3071\/Xx\) Firmware	< 21.1
Bakerhughes	Bentley Nevada 3500 System 1 \(3071\/Xx\)	-
Bakerhughes	Bentley Nevada 3500\/22M \(288055-01\) Firmware	<= 5.05
Bakerhughes	Bentley Nevada 3500\/22M \(288055-01\)	-
Bakerhughes	Bentley Nevada 3500 Rack Configuration \(129133-01\) Firmware	<= 6.4
Bakerhughes	Bentley Nevada 3500 Rack Configuration \(129133-01\)	-

Related Weaknesses (CWE)

CWE-916

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-231-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2021-32997?

CVE-2021-32997 is a vulnerability with a CVSS score of 8.2 (HIGH). The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configu...

How severe is CVE-2021-32997?

CVE-2021-32997 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32997?

Check the references section above for vendor advisories and patch information. Affected products include: Bakerhughes Bentley Nevada 3500 System 1 6.X \(3060\/00\) Firmware, Bakerhughes Bentley Nevada 3500 System 1 6.X \(3060\/00\), Bakerhughes Bentley Nevada 3500 System 1 \(3072\/Xx\) Firmware, Bakerhughes Bentley Nevada 3500 System 1 \(3072\/Xx\), Bakerhughes Bentley Nevada 3500 System 1 \(3071\/Xx\) Firmware.