CVE-2022-28305

7.8 HIGH

📋 TL;DR

This is a stack-based buffer overflow vulnerability in Bentley MicroStation CONNECT that allows remote code execution when a user opens a malicious OBJ file. Attackers can exploit it to run arbitrary code with the privileges of the current user. It affects users of Bentley MicroStation CONNECT version 10.16.02.034.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.02.034
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction: the user must open a malicious OBJ file or visit a malicious webpage that triggers file parsing.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive design files, system resources, and potential installation of persistent malware.

🟢 If Mitigated

Limited impact with potential application crash but no code execution if proper memory protections are enabled.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction is required, but exploitation is straightforward once the malicious file is opened. The ZDI-CAN-16172 identifier indicates the issue was reported through the Zero Day Initiative, i.e. by professional vulnerability research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version beyond 10.16.02.034

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0008

Restart Required: Yes

Instructions:

1. Download the latest MicroStation CONNECT update from Bentley Systems.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Block OBJ file extensions (Windows)

Prevent MicroStation from processing OBJ files via file association blocking

reg add "HKLM\SOFTWARE\Classes\.obj" /v "Content Type" /t REG_SZ /d "application/octet-stream" /f

Restrict file opening privileges (Windows)

Configure MicroStation to run with reduced privileges using application control policies

🧯 If You Can't Patch

  • Implement strict email filtering to block OBJ attachments
  • Deploy application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check the MicroStation version via Help > About. If the version is exactly 10.16.02.034, the system is vulnerable.

Check Version:

In MicroStation: Help > About or check registry: HKEY_LOCAL_MACHINE\SOFTWARE\Bentley\MicroStation\Version

Verify Fix Applied:

Verify that the version is newer than 10.16.02.034, and test with known safe OBJ files to ensure proper parsing.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when parsing OBJ files
  • Unexpected process creation from MicroStation.exe
  • Memory access violation errors in Windows Event Logs

Network Indicators:

  • Downloads of OBJ files from untrusted sources
  • Outbound connections from MicroStation process to unknown IPs

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="MicroStation.exe" AND ExceptionCode="0xc0000005"
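
Added example, not part of the original advisory: the detection expressed by the SIEM query, run over constructed events, showing why the two EventID terms must be grouped before the process and exception-code conditions apply. The field names (EventID, ProcessName, ExceptionCode) are taken from the query and are assumptions about how your pipeline normalizes Windows Application log records; the matcher also tolerates exception codes logged with or without the 0x prefix.

```python
# Constructed sample events. Field names follow the page's SIEM query and are
# assumptions about how a log pipeline normalizes Windows Application log records.
SAMPLE_EVENTS = [
    {"EventID": 1000, "ProcessName": "MicroStation.exe", "ExceptionCode": "0xc0000005"},
    {"EventID": 1000, "ProcessName": "chrome.exe", "ExceptionCode": "0xc0000409"},
    {"EventID": 1001, "ProcessName": "microstation.exe", "ExceptionCode": "C0000005"},
    {"EventID": 1001, "ProcessName": "MicroStation.exe", "ExceptionCode": "0xc0000374"},
    {"EventID": 4688, "ProcessName": "MicroStation.exe", "ExceptionCode": "0xc0000005"},
]
TARGET_PROCESS = "microstation.exe"
ACCESS_VIOLATION = 0xC0000005  # STATUS_ACCESS_VIOLATION


def parse_code(value):
    """Parse '0xc0000005' or 'C0000005' as hex; None if missing or malformed."""
    try:
        return int(str(value).strip(), 16)
    except ValueError:
        return None


def process_and_code_match(event):
    """True when the event is an access violation in the target process."""
    name = str(event.get("ProcessName", "")).lower()
    return name == TARGET_PROCESS and parse_code(event.get("ExceptionCode")) == ACCESS_VIOLATION


def grouped_match(event):
    """(EventID=1000 OR EventID=1001) AND ProcessName AND ExceptionCode."""
    return event.get("EventID") in (1000, 1001) and process_and_code_match(event)


def ungrouped_match(event):
    """EventID=1000 OR (EventID=1001 AND ...): the reading when AND binds tighter than OR."""
    return event.get("EventID") == 1000 or (
        event.get("EventID") == 1001 and process_and_code_match(event)
    )


def triage(events):
    """Return (alerts, noise); noise is matched only by the ungrouped reading."""
    alerts = [e for e in events if grouped_match(e)]
    noise = [e for e in events if ungrouped_match(e) and not grouped_match(e)]
    return alerts, noise


if __name__ == "__main__":
    alerts, noise = triage(SAMPLE_EVENTS)
    print(f"{len(alerts)} alerts; {len(noise)} extra matches from the ungrouped reading")
```

Without the grouping, every EventID 1000 record from any process matches, which buries the MicroStation crashes in unrelated application-error noise.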
