Nozomi Networks discovers flaws in Bently Nevada protection systems – iTWire

admin on September 26, 2023 Leave a Comment

OT security specialist Nozomi Networks has identified three vulnerabilities on the Baker Hughes Bently Nevada 3500 rack model used to detect and prevent anomalies in rotating machinery such as turbines, compressors, motors, and generators.

Nozomi warns that the most serious of the three vulnerabilities may allow an attacker to bypass the authentication process and obtain complete access to the device by delivering a malicious request.

According to Nozomi, "the development of a patch is not planned due to legacy limitations."

The initial discovery was made by reverse engineering the proprietary protocol used by the device, and Nozomi has confirmed that all of these vulnerabilities affect firmware versions up to 5.05 and later of the /22 TDI Module (both USB and serial versions).

Nozomi suggests the following measures to mitigate the issues.

1. RUN mode vs CONFIG mode: PLCs and control systems often implement physical keys to either put the device in RUN mode or in CONFIG mode. The latter is typically used by technicians during maintenance activities to enable writing permission of new configurations on the device. One common misconfiguration that might occur is to either forget to put back the device into RUN mode after a maintenance activity or opt for a default always-on CONFIG mode to facilitate remote changes. A best practice is to make sure that devices are always kept in RUN mode whenever possible.

2. Network segmentation: Design and implement proper network segmentation strategies to prevent unauthorised parties from interacting with critical assets. This is especially recommended for legacy solutions that are no longer actively supported by vendors.

3. Strong and unique passwords: Make sure to guarantee uniqueness in conjunction with robustness when choosing credentials. The former property is often underestimated but could provide defence in those scenarios where credentials extracted from a vulnerable machine or component could be easily reused over fully patched systems sharing the same credentials.

4. Non-default enhanced security features: Check your device manual for security features that are not enabled by default. Often, these additional features could strongly reduce the likelihood or the impact of a specific vulnerability and mitigate 'hard-to-patch' situations. With respect to Bently Nevada devices, Nozomi Networks recommends customers review the various security levels made available through the configuration utility and choose the one that matches specific needs and security policy.

Did you realise that Gartner also recommends that security teams prioritise NDR solutions to enhance their detection and response?

Picking the right NDR for your team and process can sometimes be the biggest challenge.

If you want to try out a Network Detection and Response tool, why not start with the best?

Vectra Network Detection and Response is the industry's most advanced AI-driven attack defence for identifying and stopping malicious tactics in your network without noise or the need for decryption.

Download the 2022 Gartner Market Guide for Network Detection and Response (NDR) for recommendations on how Network Detection and Response solutions can expand deeper into existing on-premises networks, and new cloud environments.

DOWNLOAD NOW!

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

Read the original here:
Nozomi Networks discovers flaws in Bently Nevada protection systems - iTWire

Related Posts
Posted in Cloud Servers

Comments are closed.