What is the vulnerability ID for Bentley Systems MicroStation Connect?

The vulnerability ID for Bentley Systems MicroStation Connect is CVE-2022-40201.

What is the severity rating of CVE-2022-40201?

The severity rating of CVE-2022-40201 is high with a severity value of 7.8.

Which versions of Bentley Systems MicroStation Connect are affected by CVE-2022-40201?

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are affected by CVE-2022-40201.

What is the impact of CVE-2022-40201?

CVE-2022-40201 allows an attacker to execute arbitrary code through a stack-based buffer overflow when parsing a malformed design (DGN) file.

Is there a fix available for CVE-2022-40201?

No specific fix information is provided in the given context. Please refer to the official references provided for more information on available patches or updates.

Vulnerability/
CVE-2022-40201

high

7.8

CWE

121 119

6/1/2023

3/8/2024

CVE-2022-40201: Buffer Overflow

First published: Fri Jan 06 2023(Updated: )

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.

Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Bentley MicroStation CONNECT	<=10.17.0.209
Bentley Systems CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
Bentley Systems COUNTRIES/AREAS DEPLOYED: Worldwide
Bentley Systems COMPANY HEADQUARTERS LOCATION: United States

Remedy

Bentley Systems has implemented multiple validation checks within the DGN platform when processing malformed DGNs. Bentley Systems recommends users update to the latest version of the MicroStation Connect: * MicroStation Connect Update 17.1 For more information and MicroStation updates, contact Bentley Support https://www.bentley.com/support/ .

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-293-01

Frequently Asked Questions

What is the vulnerability ID for Bentley Systems MicroStation Connect?
The vulnerability ID for Bentley Systems MicroStation Connect is CVE-2022-40201.
What is the severity rating of CVE-2022-40201?
The severity rating of CVE-2022-40201 is high with a severity value of 7.8.
Which versions of Bentley Systems MicroStation Connect are affected by CVE-2022-40201?
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are affected by CVE-2022-40201.
What is the impact of CVE-2022-40201?
CVE-2022-40201 allows an attacker to execute arbitrary code through a stack-based buffer overflow when parsing a malformed design (DGN) file.
Is there a fix available for CVE-2022-40201?
No specific fix information is provided in the given context. Please refer to the official references provided for more information on available patches or updates.

collector/nvd-index
agent/type
agent/remedy
agent/weakness
agent/description
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/references
agent/severity
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/tags
agent/source
vendor/bentley
canonical/bentley microstation connect
version/bentley microstation connect/10.17.0.209
vendor/bentley systems
canonical/bentley systems critical infrastructure sectors: critical manufacturing
canonical/bentley systems countries/areas deployed: worldwide
canonical/bentley systems company headquarters location: united states