CVE-2022-28320

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious 3DM files in Bentley View. Attackers can gain control of the current process. Users of Bentley View 10.16.02.022 are affected.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.16.02.022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Bentley View version 10.16.02.022 when processing 3DM files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the user's system through arbitrary code execution.

🟠 Likely Case

Attacker executes malicious code within the Bentley View process context, potentially leading to data theft, ransomware deployment, or lateral movement.

🟢 If Mitigated

Impact is limited when proper file validation and user awareness keep malicious files from being opened.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (the target must open a malicious file), but the attacker needs no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 10.16.03 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0002

Restart Required: Yes

Instructions:

1. Open Bentley View
2. Navigate to Help > Check for Updates
3. Follow prompts to install latest version
4. Restart Bentley View after installation

🔧 Temporary Workarounds

Disable 3DM file association (Windows)

Prevent Bentley View from automatically opening 3DM files:

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .3dm association to another program

User awareness training (all platforms)

Train users to avoid opening 3DM files from untrusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to block unauthorized executables
  • Use network segmentation to isolate Bentley View systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check the Bentley View version in Help > About. If the version is exactly 10.16.02.022, the system is vulnerable.

Check Version:

In Bentley View: Help > About

Verify Fix Applied:

Verify version is 10.16.03 or later in Help > About.
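
The same check can be scripted per host instead of read from Help > About. The PowerShell below is an added example, not vendor code. It assumes the installer registers an uninstall entry whose DisplayName starts with "Bentley View" and whose DisplayVersion matches the Help > About version; the function name Get-BentleyViewStatus is hypothetical.

```powershell
# Added example: classify installed Bentley View builds for CVE-2022-28320.
# Assumption: the uninstall entry's DisplayName starts with "Bentley View";
# adjust $NamePattern if your deployment registers a different name.
$NamePattern = 'Bentley View*'
$Vulnerable  = [version]'10.16.02.022'   # affected build named in this advisory
$Fixed       = [version]'10.16.03'       # first fixed version named in this advisory

function Get-BentleyViewStatus {
    param([string]$DisplayVersion)
    $v = $null
    # TryParse normalises zero-padded parts: "10.16.02.022" becomes 10.16.2.22,
    # so the comparison is numeric rather than a string match.
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) { return 'Unknown' }
    if ($v -ge $Fixed)      { return 'Fixed' }
    if ($v -eq $Vulnerable) { return 'Vulnerable' }
    # Older than the fix but not the build the advisory lists: check by hand.
    return 'Review'
}

# Both 64-bit and 32-bit uninstall hives, since the installer bitness is not
# stated on this page.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-BentleyViewStatus $_.DisplayVersion
        }
    }
```

A host that returns no rows either does not have the product installed or registers it under a different name, so confirm the pattern on one known installation first.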

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of Bentley View
  • Unusual file access patterns for 3DM files

Network Indicators:

  • Downloads of 3DM files from untrusted sources
  • Outbound connections from Bentley View to unknown IPs

SIEM Query:

Process: BentleyView.exe AND (FileExtension: .3dm OR ProcessCrash: true)
