10.16.2.034

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

bentley

CWE-121

NVD

Published: 2023-01-06

Updated: 2024-02-02

Summary

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Bentley Bentley Microstation Connect - Bentley Microstation Connect 10.16.0.80 Bentley Microstation Connect 10.16.2.034	3

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-293-01
https://www.bentley.com/advisories/be-2023-0003/