CVE-2024-53007
📋 TL;DR
This vulnerability allows authenticated users of Bentley Systems ProjectWise Integration Server to execute unintended SQL queries through API calls. This could lead to data manipulation, unauthorized data access, or denial of service. Only organizations running vulnerable versions of ProjectWise Integration Server are affected.
💻 Affected Systems
- Bentley Systems ProjectWise Integration Server
⚠️ Manual Verification Required
The database entry for this CVE does not record affected version ranges, so automatic vulnerability detection cannot decide whether your system is affected.
Why? Neither the vendor nor NVD published version ranges for the entry. Compare your installed version against the fixed version listed under Official Fix instead.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious insider could execute arbitrary SQL commands, potentially leading to data exfiltration, data corruption, or complete system compromise.
Likely Case
Authenticated users could inadvertently or intentionally execute SQL queries that modify or expose sensitive project data.
If Mitigated
If the ProjectWise service connects to its database with a least-privilege account and API access is restricted and monitored, a successful injection is confined to the tables and operations that account can reach, and the attempt shows up in query logs.
🎯 Exploit Status
Exploitation requires authenticated API access but SQL injection techniques are well-understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.00.03.288
Vendor Advisory: https://www.bentley.com/advisories/be-2024-0002/
Restart Required: Yes
Instructions:
1. Download ProjectWise Integration Server version 10.00.03.288 or later from Bentley's software downloads
2. Backup current configuration and databases
3. Run the installer to upgrade
4. Restart the ProjectWise Integration Server service
🔧 Temporary Workarounds
Restrict API Access
Limit API access to only trusted users and applications through network segmentation and authentication controls.
Database Query Monitoring
Implement database activity monitoring to detect unusual SQL queries from the ProjectWise application.
🧯 If You Can't Patch
- Implement strict principle of least privilege for all ProjectWise user accounts
- Deploy web application firewall (WAF) with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check ProjectWise Integration Server version in administrative console or via 'pwadmin' command line tool.
Check Version:
pwadmin -version
Verify Fix Applied:
Confirm the version is 10.00.03.288 or later, then retest the API calls that previously triggered SQL injection with a harmless probe (for example a single quote in a string parameter) and check that the server returns neither a SQL error nor different results from the unmodified request.
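A version string such as "10.00.03.288" must be compared numerically, not as text: a plain string comparison treats "10.0.3.288" and "10.00.03.288" as different and sorts "9.x" after "10.x". The following check is an added example, not Bentley's tooling; the version strings other than the fixed version 10.00.03.288 are constructed, and it accepts whatever string your version source produces.

```python
"""Decide whether an installed ProjectWise Integration Server version
includes the fix for CVE-2024-53007 (fixed in 10.00.03.288)."""
import re

FIXED_VERSION = "10.00.03.288"  # from the Bentley advisory be-2024-0002


def parse_version(text: str) -> tuple[int, ...]:
    """Extract the first dotted version in `text` and return it as ints.

    Numeric components avoid the string-comparison trap where
    '10.00.03.288' != '10.0.3.288' and '9.1' sorts after '10.1'.
    Short versions are right-padded with zeros to four components so that
    '10.00.04' correctly compares above '10.00.03.288'.
    """
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts + (0,) * max(0, 4 - len(parts))


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is at or above the fixed version."""
    return parse_version(installed) >= parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample strings; a real one comes from your version source.
    for sample in ("10.00.03.287", "10.00.03.288", "ProjectWise 10.00.04"):
        print(sample, "->", "patched" if is_patched(sample) else "VULNERABLE")
```

Feed it the full line your version source prints; the regex picks out the first dotted number, so surrounding product text is harmless.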
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL query patterns in database logs
- Multiple failed API authentication attempts followed by successful complex queries
- API calls with SQL-like syntax in parameters
Network Indicators:
- Unusual volume of API requests to ProjectWise Integration Server
- SQL error messages in HTTP responses
SIEM Query (matching bare "*sql*" or "*select*" is noisy; key on injection syntax instead):
source="projectwise" AND event_type="api_call" AND (message="*union*select*" OR message="*' or '*" OR message="*'--*" OR message="*waitfor delay*" OR message="*sleep(*")
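The log indicators above (SQL-like syntax in API parameters, unusual request volume per user) can be checked offline against exported API access logs. The script below is an added example, not part of the page or of ProjectWise; the log line format ("timestamp user method url status"), the /api/... paths and the sample lines are constructed for illustration and do not reflect ProjectWise's real log format or endpoints. It decodes parameter values twice so that double-encoded probes (%2527 for a quote) are not missed.

```python
"""Flag SQL-injection-like parameter values in API access logs.

Constructed example: log format, endpoints and sample lines are assumptions.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Heuristics for "API calls with SQL-like syntax in parameters". Each pattern
# is tagged so an analyst can see why a hit fired. Tune for your data.
SQLI_PATTERNS = [
    (re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I), "union-select"),
    (re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I), "tautology"),   # ' OR '1'='1
    (re.compile(r"\bor\s+\d+\s*=\s*\d+", re.I), "tautology"),            # OR 1=1
    (re.compile(r"--\s*$|--\s|/\*"), "comment-terminator"),
    (re.compile(r";\s*(?:drop|delete|update|insert|exec|xp_)", re.I), "stacked-query"),
    (re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I), "time-based"),
]


def classify_value(value: str) -> list[str]:
    """Return sorted, de-duplicated tags matching a parameter value."""
    # parse_qsl already decoded once; decoding again catches double-encoded
    # probes such as %2527 -> %27 -> ' that a single decode would miss.
    decoded = unquote_plus(value)
    return sorted({tag for pattern, tag in SQLI_PATTERNS if pattern.search(decoded)})


def parse_line(line: str):
    """Split a constructed 'ts user method url status' line; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, user, method, url, status = parts
    return {"ts": ts, "user": user, "method": method, "url": url, "status": status}


def scan_log(lines):
    """One finding per suspicious query parameter, in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["url"])
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            tags = classify_value(value)
            if tags:
                findings.append({
                    "user": rec["user"], "path": url.path, "param": param,
                    "value": unquote_plus(value), "tags": tags,
                    "status": rec["status"],
                })
    return findings


def requests_per_user(lines) -> Counter:
    """Request counts per user, for the 'unusual volume' indicator."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec["user"]] += 1
    return counts


# Constructed sample log; lines 2-4 and 6 carry typical injection probes.
SAMPLE_LOG = [
    "2024-11-20T10:00:01Z alice GET /api/documents?name=Bridge%20Design&folder=12 200",
    "2024-11-20T10:00:05Z bob GET /api/documents?name=x%27%20OR%20%271%27%3D%271 200",
    "2024-11-20T10:00:09Z bob GET /api/documents?name=x%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- 500",
    "2024-11-20T10:00:12Z carol GET /api/search?q=%2527%2520OR%25201%253D1 200",
    "2024-11-20T10:00:15Z dave POST /api/login 401",
    "2024-11-20T10:00:20Z erin GET /api/documents?name=a%27%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- 200",
    "malformed line",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['user']:6} {f['path']} {f['param']}={f['value']!r} "
              f"status={f['status']} tags={','.join(f['tags'])}")
    print("requests per user:", dict(requests_per_user(SAMPLE_LOG)))
```

Pair the per-parameter findings with the HTTP status: a tagged request that also returned a 5xx is the "SQL error messages in HTTP responses" indicator from the Network Indicators list and deserves the first look.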