Bentley Systems MicroStation Connect

Plan Patch7.8ICS-CERT ICSA-22-293-01Oct 20, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

MicroStation Connect versions 10.17.0.209 and prior contain buffer overflow and out-of-bounds read vulnerabilities (CWE-121, CWE-125) in DGN file processing. A malformed DGN file can cause a crash or allow arbitrary code execution when opened by a user. Bentley Systems has implemented validation checks in the DGN platform. The vulnerability is not remotely exploitable and no public exploits are known.

What this means

What could happen

An attacker could crash MicroStation or execute arbitrary code if an engineering workstation user opens a malformed DGN file. This could disrupt design work and potentially compromise project files if attackers embed malicious commands in drawings.

Who's at risk

Engineering teams and design departments using MicroStation for CAD work, particularly in utilities, infrastructure, and construction sectors. Any organization where MicroStation users receive design files from external sources or untrusted email.

How it could be exploited

An attacker crafts a malformed DGN (design) file and tricks a MicroStation user into opening it via email or file share. When MicroStation processes the malformed file, the memory corruption vulnerability triggers, allowing arbitrary code execution on the engineering workstation with the privileges of the user running MicroStation.

Prerequisites

User interaction required: MicroStation user must open a malformed DGN file
Attacker must have means to deliver file (email, shared folder, web link)
MicroStation Connect v10.17.0.209 or earlier must be installed

Memory corruption vulnerability (buffer overflow)User interaction requiredLocally exploitable onlyAffects design workstations, not OT directly but could compromise engineering documents

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

MicroStation Connect - â€¢ v10.17.0.209 and prior≤ 10.17.0.20917.1

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGTrain users not to open DGN files from untrusted sources or unsolicited emails

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MicroStation Connect to version 17.1 or later

Long-term hardening

0/1

HARDENINGRestrict file sharing and email attachment types if possible to limit delivery of potentially malicious DGN files

CVEs (2)

CVE-2022-40201 CVE-2022-41613

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/dc246333-7a8a-43ca-ba3f-008d716e547b