Lucene search

IcscertCVELIST:CVE-2022-40201

HistoryJan 06, 2023 - 9:10 p.m.

CVE-2022-40201

2023-01-0621:10:43

CWE-121

icscert

www.cve.org

bentley systems

microstation connect

stack-based buffer overflow

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.3%

JSON

Bentley Systems MicroStation Connect versions

10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MicroStation Connect",
    "vendor": "Bentley Systems",
    "versions": [
      {
        "lessThanOrEqual": "10.17.0.209",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bentley.com/advisories/be-2023-0003/

www.cisa.gov/uscert/ics/advisories/icsa-22-293-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for CVELIST:CVE-2022-40201