Lucene search

IcscertVULNRICHMENT:CVE-2022-40201

HistoryJan 06, 2023 - 9:10 p.m.

CVE-2022-40201

2023-01-0621:10:43

CWE-121

icscert

github.com

bentley systems

microstation connect

stack-based buffer overflow

dgn file

arbitrary code execution

cve-2022-40201

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

41.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Bentley Systems MicroStation Connect versions

10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:bentley:microstation_connect:-:*:*:*:*:*:*:*"
    ],
    "vendor": "bentley",
    "product": "microstation_connect",
    "versions": [
      {
        "status": "affected",
        "version": "-",
        "versionType": "custom",
        "lessThanOrEqual": " 10.17.0.209"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.bentley.com/advisories/be-2023-0003/

www.cisa.gov/uscert/ics/advisories/icsa-22-293-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

41.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2022-40201