What is CVE-2021-32997?

CVE-2021-32997 is a high-severity vulnerability in Bentley Nevada, A Baker Hughes Subsidiary 3500/22m Firmware, Part No. 288055-01, classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 8.2/10. Published 2022-05-25.

How severe is CVE-2021-32997?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Bentley Nevada, A Baker Hughes Subsidiary 3500/22m Firmware, Part No. 288055-01

CVE-2021-32997

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4…

EPSS: 0.001 (16.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Bentley Nevada, A Baker Hughes Subsidiary 3500/22m Firmware, Part No. 288055-01 — versions All
Bentley Nevada, A Baker Hughes Subsidiary 3500 Rack Configuration, Part No. 129133-01 — versions All
Bentley Nevada, A Baker Hughes Subsidiary 3500 System 1 6.x, Part No. 3060/00 — versions All
Bentley Nevada, A Baker Hughes Subsidiary 3500 System 1, Part No. 3071/xx & 3072/xx — versions All

Weakness classification (CWE)

CWE-916 — Use of Password Hash With Insufficient Computational Effort

References

www.cisa.gov/uscert/ics/advisories/icsa-21-231-02 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32997?: CVE-2021-32997 is a high-severity vulnerability in Bentley Nevada, A Baker Hughes Subsidiary 3500/22m Firmware, Part No. 288055-01, classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 8.2/10. Published 2022-05-25.
How severe is CVE-2021-32997?: High severity. CVSS v3 base score is 8.2 out of 10.