CVE-2022-28303 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2022-28303?

CVE-2022-28303 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SKP files in Bentley View. Attackers can gain control of the current process, potentially compromising the entire system. Users of affected Bentley View versions are at risk.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SKP files in Bentley View. Attackers can gain control of the current process, potentially compromising the entire system. Users of affected Bentley View versions are at risk.

💻 Affected Systems

Products:

Bentley View

Versions: 10.16.02.022 and earlier

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user interaction to open malicious SKP file. All default installations are vulnerable.

📦 What is this software?

Microstation by Bentley

View all CVEs affecting Microstation →

View by Bentley

View all CVEs affecting View →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control, data theft, ransomware deployment, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to data exfiltration, malware installation, or system disruption for the affected user.

🟢

If Mitigated

Limited impact to isolated system with proper application sandboxing and user privilege restrictions.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction but is technically simple once malicious file is opened. ZDI has confirmed the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.03.01 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0009

Restart Required: Yes

Instructions:

1. Download latest Bentley View from official Bentley website. 2. Run installer. 3. Restart system after installation completes.

🔧 Temporary Workarounds

Disable SKP file association

windows

Prevent Bentley View from automatically opening SKP files

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .skp association to Notepad or other safe viewer

Application sandboxing

windows

Run Bentley View in restricted environment

🧯 If You Can't Patch

Implement strict email/web filtering to block SKP attachments
Educate users to never open SKP files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.16.02.022 or earlier, system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is 10.16.03.01 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

Multiple failed SKP file parsing attempts
Unexpected process creation from Bentley View

Network Indicators:

Downloads of SKP files from suspicious sources
Outbound connections from Bentley View to unknown IPs

SIEM Query:

process_name:"Bentley View" AND (file_extension:".skp" OR parent_process:explorer.exe)

📊 Metadata

CVE ID: CVE-2022-28303

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: March 29, 2023

Last Updated: November 21, 2024

🔗 References

https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0009 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-596/ Third Party Advisory,VDB Entry
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0009 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-596/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-28303, you might also want to check these: