CVE-2022-28318

7.8 HIGH

📋 TL;DR

CVE-2022-28318 is a buffer overflow vulnerability in Bentley MicroStation CONNECT that allows remote code execution when users open malicious IFC files. Attackers can exploit this to execute arbitrary code with the privileges of the current user. Users of affected Bentley MicroStation versions are at risk.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.02.34 and earlier versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the IFC file parser component. All installations with default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive engineering data, system disruption, or malware installation.

🟢 If Mitigated

Limited impact with proper network segmentation and user privilege restrictions, potentially only affecting the individual user's session.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability was discovered by Zero Day Initiative (ZDI-CAN-16379).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.02.35 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006

Restart Required: Yes

Instructions:

1. Download the latest version from Bentley's official website.
2. Run the installer with administrative privileges.
3. Follow the installation wizard.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict IFC file handling (Windows)

Configure the system to open IFC files with alternative software or block IFC file execution in MicroStation.

Use Windows Group Policy to modify file associations for .ifc files.

User awareness training (all platforms)

Educate users to avoid opening IFC files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use network segmentation to isolate MicroStation systems from critical infrastructure

🔍 How to Verify

Check if Vulnerable:

Check the MicroStation version via the Help > About menu. If the version is 10.16.02.34 or earlier, the system is vulnerable.

Check Version:

In MicroStation: Help > About MicroStation CONNECT

Verify Fix Applied:

Verify that the version shown in the Help > About menu is 10.16.02.35 or later. Test opening known-safe IFC files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of MicroStation.exe
  • Unusual file access patterns for .ifc files
  • Security event logs showing unexpected code execution

Network Indicators:

  • Unusual outbound connections from MicroStation process
  • File downloads of IFC files from untrusted sources

SIEM Query:

(Process:MicroStation.exe AND (EventID:1000 OR EventID:1001)) OR (FileExtension:.ifc AND SourceIP:(external_ips))
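
The two clauses of the SIEM query above written out as detection logic over normalized events, as an added example that is not part of the original page. The event field names, the internal network ranges standing in for `external_ips`, and the sample events are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: address ranges treated as internal; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CRASH_EVENT_IDS = {1000, 1001}  # the two event IDs named in the query

def is_external(ip):
    """True if ip parses and lies outside every internal range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # missing or malformed address: do not match
    return not any(addr in net for net in INTERNAL_NETS)

def classify(event):
    """Return the matching clause name for one normalized event, or None."""
    # Clause 1: Process:MicroStation.exe AND (EventID:1000 OR EventID:1001)
    process = str(event.get("process", "")).lower()
    if process == "microstation.exe" and event.get("event_id") in CRASH_EVENT_IDS:
        return "microstation_crash"
    # Clause 2: FileExtension:.ifc AND SourceIP:(external_ips)
    name = str(event.get("file_name", "")).lower()
    if name.endswith(".ifc") and is_external(str(event.get("source_ip", ""))):
        return "ifc_from_external_source"
    return None

def find_hits(events):
    """List (host, clause) for every event that matches either clause."""
    hits = []
    for event in events:
        reason = classify(event)
        if reason:
            hits.append((event.get("host"), reason))
    return hits

# Constructed sample events; field names are hypothetical, not a real schema.
SAMPLE_EVENTS = [
    {"host": "cad-01", "process": "MicroStation.exe", "event_id": 1000},
    {"host": "cad-01", "process": "MicroStation.exe", "event_id": 4688},
    {"host": "cad-02", "process": "winword.exe", "event_id": 1000},
    {"host": "cad-03", "file_name": "Site-Plan.IFC", "source_ip": "203.0.113.7"},
    {"host": "cad-03", "file_name": "model.ifc", "source_ip": "10.1.2.3"},
    {"host": "cad-04", "file_name": "model.ifc.txt", "source_ip": "198.51.100.9"},
]

if __name__ == "__main__":
    for host, reason in find_hits(SAMPLE_EVENTS):
        print(host, reason)
```

Matching on the final extension and on the exact process name keeps `model.ifc.txt` and crashes of other applications out of the results.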
