CVE-2022-28642

7.8 HIGH

📋 TL;DR

CVE-2022-28642 is a buffer overflow vulnerability in Bentley MicroStation CONNECT that allows remote code execution when users open malicious DGN files. Attackers can exploit this to run arbitrary code with the privileges of the current user. Users of affected Bentley MicroStation versions are at risk.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.02.34 and earlier versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing DGN files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive files and system resources, potentially enabling further attacks.

🟢 If Mitigated

Limited impact with proper security controls, potentially resulting in application crash but no code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) but the vulnerability is well-documented and weaponization is likely given the RCE potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.02.35 and later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0004

Restart Required: Yes

Instructions:

1. Download the latest version from Bentley's official website.
2. Run the installer.
3. Follow installation prompts.
4. Restart the system.

🔧 Temporary Workarounds

Restrict DGN file handling

Platform: Windows

Configure system to open DGN files only with trusted applications or block DGN files from untrusted sources.

Application control policies

Platform: Windows

Implement application whitelisting to prevent execution of unauthorized code.

🧯 If You Can't Patch

  • Implement strict file handling policies to prevent opening DGN files from untrusted sources.
  • Use network segmentation to isolate systems running vulnerable software from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check MicroStation version via Help > About menu. If version is 10.16.02.34 or earlier, the system is vulnerable.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 10.16.02.35 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing DGN files
  • Unusual process creation from MicroStation executable

Network Indicators:

  • Downloads of DGN files from untrusted sources
  • Outbound connections from MicroStation to suspicious IPs

SIEM Query:

Process Creation where Image contains 'ustation.exe' and CommandLine contains '.dgn'
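
The log indicators and the query above, applied to process-creation events, as an added example that is not part of the original page or any vendor tooling. It assumes Sysmon Event ID 1 field names (`Image`, `ParentImage`, `CommandLine`); the child-process list, the untrusted directories and the sample events are constructed assumptions.

```python
from ntpath import basename  # parses Windows paths on any OS

MICROSTATION = "ustation.exe"  # image name as given in the page's SIEM query
# Assumption: children a CAD application has no routine reason to start.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                    "cscript.exe", "mshta.exe", "rundll32.exe"}
# Assumption: directories where files from untrusted sources usually land.
UNTRUSTED_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")

def classify(event):
    """Return the findings for one process-creation event (a dict)."""
    image = basename(event.get("Image", "")).lower()
    parent = basename(event.get("ParentImage", "")).lower()
    cmdline = event.get("CommandLine", "").lower()
    findings = []
    # Indicator: unusual process creation from the MicroStation executable.
    if parent == MICROSTATION and image in SUSPECT_CHILDREN:
        findings.append("suspect-child")
    # The page's query, narrowed to DGN files opened from untrusted paths.
    if image == MICROSTATION and ".dgn" in cmdline:
        if any(d in cmdline for d in UNTRUSTED_DIRS):
            findings.append("dgn-from-untrusted-path")
    return findings

def triage(events):
    """Return (index, findings) for every event with at least one finding."""
    hits = []
    for i, ev in enumerate(events):
        found = classify(ev)
        if found:
            hits.append((i, found))
    return hits

# Constructed sample events (not real telemetry; paths are placeholders).
SAMPLE_EVENTS = [
    {"Image": r"C:\Apps\ustation.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\ustation.exe" "C:\Users\alice\Downloads\site-plan.dgn"'},
    {"Image": r"C:\Apps\ustation.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\ustation.exe" "D:\Projects\bridge.dgn"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Apps\ustation.exe",
     "CommandLine": "cmd.exe /c echo constructed"},
    {"Image": r"C:\Windows\System32\notepad.exe"},  # missing fields are tolerated
]

if __name__ == "__main__":
    for idx, found in triage(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["Image"], found)
```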
