
OT security firm spots 3 vulnerabilities in Baker Hughes rack hardware

Operational technology security company Nozomi Networks has observed three security flaws in a model of a machinery detection system used by a number of Australian energy and industrial organisations.

David Hollingworth
Wed, 27 Sep 2023

The three vulnerabilities could allow a threat actor to get around the hardware’s authentication systems by “simply crafting and sending a malicious request”.

The hardware in question – Baker Hughes’ Bently Nevada 3500 machinery protection system – is designed to provide continuous monitoring of rotating machinery and to prevent missed and false trips. It’s basically designed to prevent mechanical failures.

Nozomi Networks focused in particular on the hardware’s Transient Data Interface, which handles Ethernet communications via a proprietary cleartext protocol. Its researchers set up a test bed device with both access-level and configuration-level password protection and then reverse-engineered the proprietary protocol, looking for weaknesses.

Nozomi found one high-risk vulnerability and two medium-risk ones, which it immediately disclosed to the vendor.

  • CVE-2023-34437: Exposure of sensitive information to an unauthorised actor

This high-risk flaw lets a threat actor extract both the access-level and configuration-level passwords via a simple malicious request, leading to the machinery being fully compromised. Network access is required for the trick to work.

“This could impact the confidentiality, integrity, and availability of processes and operations since extracted information can be leveraged to craft authenticated requests toward the target,” Nozomi’s researchers said in a statement.

  • CVE-2023-34441: Cleartext transmission of sensitive information
  • CVE-2023-36857: Authentication bypass by capture-replay

Both of these medium-risk vulnerabilities also rely on the threat actor gaining network access, but if they do, these flaws could lead to authentication keys being compromised through man-in-the-middle attacks.

The three vulnerabilities remain unpatched at the time of writing, but Bently Nevada – a Baker Hughes subsidiary – has contacted its customers and is providing mitigation advice to reduce their impact.

Nozomi “recommends asset owners review the hardening guidelines provided by Baker Hughes to confirm or improve the security posture of their operations”.
