Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

OT security firm spots 3 vulnerabilities in Baker Hughes rack hardware

Operational technology security company Nozomi Networks has observed three security flaws in a model of a machinery detection system used by a number of Australian energy and industrial organisations.

user icon David Hollingworth
Wed, 27 Sep 2023
OT security firm spots 3 vulnerabilities in Baker Hughes rack hardware
expand image

The three vulnerabilities could allow a threat actor to get around the hardware’s authentication systems by “simply crafting and sending a malicious request”.

The hardware in question – Baker Hughes’ Bently Nevada 3500 machinery protection system – is designed to provide continuous monitoring of rotating machinery and to prevent missed and false trips. It’s basically designed to prevent mechanical failures.

Nozomi Networks focused on the hardware’s Transient Data Interface, in particular, which handles ethernet communications via a proprietary cleartext protocol. Its researchers set up a test bed device with both access- and configuration-level password protection and then reverse-engineered the proprietary protocol, looking for weaknesses.

============
============

Nozomi found one high-risk vulnerability and two medium-risk ones, which it immediately disclosed to the vendor.

  • CVE-2023-34437: Exposure of sensitive information to an unauthorised actor

This high-risk flaw lets a threat actor extract both passwords via a simple malicious request, leading to the machinery being fully compromised. Network access is required for the trick to work.

“This could impact the confidentiality, integrity, and availability of processes and operations since extracted information can be leveraged to craft authenticated requests toward the target,” Nozomi’s researchers said in a statement.

  • CVE-2023-34441: Cleartext transmission of sensitive information
  • CVE-2023-36857: Authentication bypass by Capture-replay

Both of these medium-risk vulnerabilities also rely on the threat actor gaining network access, but if they do, these flaws could lead to authentication keys being compromised by man-in-the-middle attacks.

The three vulnerabilities remain unpatched at the time of writing, but Bently Nevada – a Baker Hughes subsidiary – has contacted its customers and is providing mitigation advice to reduce their impact.

Nozomi “recommends asset owners review the hardening guidelines provided by Baker Hughes to confirm or improve the security posture of their operations”.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.