CVE-2022-28309 – CVE-2022-28309 is an out-of-bounds read vulnera... (How to Fix)

Q: What is the severity of CVE-2022-28309?

CVE-2022-28309 has a CVSS score of 5.5 (MEDIUM). CVE-2022-28309 is an out-of-bounds read vulnerability in Bentley View's 3DS file parser that allows remote attackers to disclose sensitive information. Users of Bentley View 10.16.02.022 who open malicious 3DS files or visit malicious web pages are affected. This vulnerability can be combined with other flaws to potentially execute arbitrary code.

📋 TL;DR

CVE-2022-28309 is an out-of-bounds read vulnerability in Bentley View's 3DS file parser that allows remote attackers to disclose sensitive information. Users of Bentley View 10.16.02.022 who open malicious 3DS files or visit malicious web pages are affected. This vulnerability can be combined with other flaws to potentially execute arbitrary code.

💻 Affected Systems

Products:

Bentley View

Versions: 10.16.02.022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Primarily affects Windows installations of Bentley View. User interaction required - must open malicious 3DS file or visit malicious page.

📦 What is this software?

Microstation by Bentley

View all CVEs affecting Microstation →

View by Bentley

View all CVEs affecting View →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise when combined with other vulnerabilities, allowing attackers to install malware, steal data, or pivot to other systems.

🟠

Likely Case

Information disclosure through memory leaks, potentially exposing sensitive data like credentials, session tokens, or application memory contents.

🟢

If Mitigated

Limited impact with proper security controls like application sandboxing, memory protection, and restricted user privileges preventing escalation.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file/visiting malicious page) but can be delivered via web or email, making internet-facing systems at moderate risk.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal resources, though attack surface is more limited than internet-facing systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction and combining with other vulnerabilities for code execution. Information disclosure is more straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.03 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003

Restart Required: Yes

Instructions:

1. Download latest Bentley View from official Bentley website. 2. Run installer. 3. Restart system after installation completes.

🔧 Temporary Workarounds

Block 3DS file extensions

windows

Prevent Bentley View from opening 3DS files via file association blocking

reg add "HKCU\Software\Classes\.3ds" /ve /d "txtfile" /f
reg add "HKLM\Software\Classes\.3ds" /ve /d "txtfile" /f

Application sandboxing

windows

Run Bentley View in restricted environment using Windows Sandbox or similar

🧯 If You Can't Patch

Implement application whitelisting to prevent execution of untrusted 3DS files
Deploy email/web filtering to block malicious 3DS file attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version via Help > About. If version is 10.16.02.022 or earlier, system is vulnerable.

Check Version:

wmic datafile where name="C:\\Program Files\\Bentley\\Bentley View\\BentleyView.exe" get version

Verify Fix Applied:

Verify Bentley View version is 10.16.03 or later via Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Application crashes when opening 3DS files
Unusual memory access patterns in application logs
Security software alerts for out-of-bounds memory reads

Network Indicators:

Downloads of 3DS files from untrusted sources
Network traffic to known malicious domains after file opening

SIEM Query:

EventID=1000 OR EventID=1001 AND SourceName="Application Error" AND ProcessName="BentleyView.exe" AND FaultingModule LIKE "%3ds%"

📊 Metadata

CVE ID: CVE-2022-28309

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: March 29, 2023

Last Updated: November 21, 2024

🔗 References

https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-600/ Third Party Advisory,VDB Entry
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-600/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-28309, you might also want to check these: