What is CVE-2022-41613?

CVE-2022-41613 is a vulnerability in Bentley Systems MicroStation Connect versions 10.17.0.209 and prior that allows an attacker to crash the product, disclose sensitive information, or execute arbitrary code.

How does CVE-2022-41613 affect Bentley Systems MicroStation Connect?

CVE-2022-41613 affects Bentley Systems MicroStation Connect versions 10.17.0.209 and prior by causing an Out-of-Bounds Read vulnerability when parsing DGN files.

What is the severity of CVE-2022-41613?

CVE-2022-41613 has a severity rating of 7.8, which is considered high.

How can an attacker exploit CVE-2022-41613?

An attacker can exploit CVE-2022-41613 by crafting a malicious DGN file that triggers the Out-of-Bounds Read vulnerability in Bentley Systems MicroStation Connect.

Is there a fix or patch available for CVE-2022-41613?

A fix or patch for CVE-2022-41613 is not currently available. It is recommended to follow the mitigation steps provided by the vendor and monitor for updates.

Vulnerability/
CVE-2022-41613

high

7.8

CWE

125

6/1/2023

3/8/2024

CVE-2022-41613

First published: Fri Jan 06 2023(Updated: )

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.

Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Bentley MicroStation CONNECT	<=10.17.0.209
Bentley Systems CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
Bentley Systems COUNTRIES/AREAS DEPLOYED: Worldwide
Bentley Systems COMPANY HEADQUARTERS LOCATION: United States

Remedy

Bentley Systems has implemented multiple validation checks within the DGN platform when processing malformed DGNs. Bentley Systems recommends users update to the latest version of the MicroStation Connect: * MicroStation Connect Update 17.1 For more information and MicroStation updates, contact Bentley Support https://www.bentley.com/support/ .

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-293-01

Frequently Asked Questions

What is CVE-2022-41613?
CVE-2022-41613 is a vulnerability in Bentley Systems MicroStation Connect versions 10.17.0.209 and prior that allows an attacker to crash the product, disclose sensitive information, or execute arbitrary code.
How does CVE-2022-41613 affect Bentley Systems MicroStation Connect?
CVE-2022-41613 affects Bentley Systems MicroStation Connect versions 10.17.0.209 and prior by causing an Out-of-Bounds Read vulnerability when parsing DGN files.
What is the severity of CVE-2022-41613?
CVE-2022-41613 has a severity rating of 7.8, which is considered high.
How can an attacker exploit CVE-2022-41613?
An attacker can exploit CVE-2022-41613 by crafting a malicious DGN file that triggers the Out-of-Bounds Read vulnerability in Bentley Systems MicroStation Connect.
Is there a fix or patch available for CVE-2022-41613?
A fix or patch for CVE-2022-41613 is not currently available. It is recommended to follow the mitigation steps provided by the vendor and monitor for updates.

collector/nvd-index
agent/type
agent/remedy
agent/weakness
agent/description
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/references
agent/severity
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/tags
agent/source
vendor/bentley
canonical/bentley microstation connect
version/bentley microstation connect/10.17.0.209
vendor/bentley systems
canonical/bentley systems critical infrastructure sectors: critical manufacturing
canonical/bentley systems countries/areas deployed: worldwide
canonical/bentley systems company headquarters location: united states