CVE-2022-40201

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bentley Systems MicroStation Connect versions 10.17.0.209 and prior

Description The issue is a Stack-Based Buffer Overflow that occurs when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.

Recommendations For versions 10.17.0.209 and prior, avoid parsing malformed design (DGN) files until a patch is available. As a temporary workaround, consider restricting the parsing of DGN files to minimize the risk of exploitation.

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

CVE-2022-40201

Affected Products

Microstation Connect

CVE-2022-40201

Weakness Enumeration

Related Identifiers

Affected Products

References · 8