CVE-2022-40201

Description

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Bentley Systems / MicroStation Connect0 – 10.17.0.209

References

VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01
VENDOR_ADVISORYhttps://www.bentley.com/advisories/be-2023-0003/