CVE-2022-28312

5.5 MEDIUM

📋 TL;DR

This vulnerability in Bentley MicroStation CONNECT allows a remote attacker to disclose sensitive information via a buffer over-read (an out-of-bounds read) when the application parses a malicious 3DS file. Combined with other vulnerabilities, it could potentially lead to arbitrary code execution. Users of affected Bentley MicroStation versions who open untrusted 3DS files are at risk.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.02.034 and earlier versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable when processing 3DS files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within networks.

🟠 Likely Case: Information disclosure and potential application crash, possibly enabling further exploitation when combined with other vulnerabilities.

🟢 If Mitigated: Limited to denial of service or minor information leakage if proper file handling controls are implemented.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but web-based delivery mechanisms exist.
🏢 Internal Only: MEDIUM - Internal users opening malicious files from untrusted sources could be exploited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open a malicious file. Tracked by the Zero Day Initiative as ZDI-CAN-16342; the corresponding advisory is ZDI-22-602.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.02.035 and later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003

Restart Required: Yes

Instructions:

1. Download the latest MicroStation CONNECT version from Bentley's official site.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict 3DS file handling (Windows)

Block or restrict opening of 3DS files in MicroStation through application settings or group policy.

File extension filtering (Windows)

Use Windows file blocking policies to prevent opening of .3ds files from untrusted sources.

🧯 If You Can't Patch

  • Implement strict file handling policies to prevent opening untrusted 3DS files
  • Use application whitelisting to restrict MicroStation execution to trusted environments only

🔍 How to Verify

Check if Vulnerable:

Check the MicroStation version in Help > About. If the version is 10.16.02.034 or earlier, the system is vulnerable.

Check Version:

In MicroStation: Help > About MicroStation CONNECT

Verify Fix Applied:

Verify version is 10.16.02.035 or later in Help > About dialog.
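As an added example (not from the advisory and not Bentley's code), a Python triage script that compares inventoried MicroStation build strings numerically against the fixed build 10.16.02.035; the hostnames and the (host, version) inventory format are constructed for illustration.

```python
import re
from typing import Iterable, List, Tuple

# Version boundaries taken from the advisory above (CVE-2022-28312).
LAST_VULNERABLE = "10.16.02.034"
FIRST_FIXED = "10.16.02.035"


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted build string such as '10.16.02.034' into a tuple of ints.

    Leading zeros ('02', '034') and segment widths make plain string
    comparison unreliable ('10.9' > '10.16' as strings), so compare numerically.
    """
    cleaned = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", cleaned):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in cleaned.split("."))


def is_vulnerable(version: str) -> bool:
    """True when the build is 10.16.02.034 or earlier."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE)


def triage(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify each (hostname, version) pair; unparsable versions are 'unknown'."""
    results = []
    for host, version in inventory:
        try:
            status = "VULNERABLE" if is_vulnerable(version) else "fixed"
        except ValueError:
            status = "unknown"
        results.append((host, version, status))
    return results


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("cad-ws-01", "10.16.02.034"),  # last vulnerable build
    ("cad-ws-02", "10.16.02.035"),  # first fixed build
    ("cad-ws-03", "10.16.2.35"),    # same fixed build, no leading zeros
    ("cad-ws-04", "10.16.01.100"),  # older minor build
    ("cad-ws-05", "10.9.99.999"),   # numerically older than 10.16 despite '9' > '1'
    ("cad-ws-06", "n/a"),           # version not collected
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:14} {status}")
```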

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing 3DS files
  • Unexpected memory access errors in application logs

Network Indicators:

  • Downloads of 3DS files from untrusted sources
  • Unusual outbound connections after file processing

SIEM Query:

source="MicroStation" AND (event="crash" OR event="exception") AND file_extension="3ds"
