CVE-2022-35904

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of IFC files could enable an attacker to read information in the context of the current process.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0013	Vendor Advisory
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0013	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bentley:microstation::::::::
	cpe:2.3:a:bentley:view::::::::

History

21 Nov 2024, 07:11

Type	Values Removed	Values Added
References	~~() https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0013 - Vendor Advisory~~	() https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0013 - Vendor Advisory

Information

Published : 2022-07-15 23:15

Updated : 2024-11-21 07:11

NVD link : CVE-2022-35904

Mitre link : CVE-2022-35904

CVE.ORG link : CVE-2022-35904

JSON object : View

Products Affected

bentley

view
microstation

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2022-35904", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-07-15T23:15:08.533", "references": [{"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0013", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0013", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of IFC files could enable an attacker to read information in the context of the current process."}, {"lang": "es", "value": "Se ha detectado un problema en Bentley MicroStation versiones anteriores a 10.17.0.x y en Bentley View versiones anteriores a 10.17.0.x. El uso de una versi\u00f3n afectada de MicroStation o de una aplicaci\u00f3n basada en MicroStation para abrir un archivo IFC que contenga datos dise\u00f1ados puede forzar una lectura fuera de l\u00edmites. Una explotaci\u00f3n de estas vulnerabilidades en el an\u00e1lisis de archivos IFC podr\u00eda permitir a un atacante leer informaci\u00f3n en el contexto del proceso actual"}], "lastModified": "2024-11-21T07:11:55.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bentley:microstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBF5B77-F4D2-4334-87B5-8AAE19633943", "versionEndExcluding": "10.17.0"}, {"criteria": "cpe:2.3:a:bentley:view:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9FC567-F77F-405F-8680-441DF4D898D6", "versionEndExcluding": "10.17.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}