Remote Code Execution Vulnerability in Bentley MicroStation by Bentley
CVE-2022-28647

7.8HIGH

Key Information:

Vendor

Bentley
Status
Microstation Connect
Vendor
CVE Published:
29 March 2023

What is CVE-2022-28647?

This vulnerability enables remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. Exploiting the flaw requires user interaction, as it involves the target visiting a malicious page or opening a crafted file. The vulnerability arises from improper parsing of IFC files, allowing specially crafted data to trigger a read beyond the end of an allocated buffer. Consequently, an attacker can execute code within the context of the current process, potentially compromising system integrity. For further details, refer to the sources provided.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MicroStation CONNECT 10.16.2.034

References

https://www.bentley.com/en/common-vulnerability-exposure/...
https://www.zerodayinitiative.com/advisories/ZDI-22-617/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anonymous
JSON
.