cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-28311,https://securityvulnerability.io/vulnerability/CVE-2022-28311,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley Systems,"This vulnerability enables remote attackers to execute arbitrary code on installations of Bentley MicroStation CONNECT version 10.16.02.034. The issue arises during the parsing of DXF files, where crafted data can lead to a read past the end of an allocated buffer. Exploitation requires user interaction, as the target must either visit a malicious webpage or open a compromised file. By leveraging this vulnerability, an attacker can execute code within the context of the affected process, posing significant security risks.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28305,https://securityvulnerability.io/vulnerability/CVE-2022-28305,Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code through the improper handling of OBJ files. By enticing a user to visit a malicious webpage or open an infected file, an attacker can exploit the flaw stemming from inadequate validation of user-supplied data length. This oversight results in potential stack-based buffer overflow, permitting code execution within the context of the current process, enhancing the risk and impact of the attack.",Bentley,Microstation Connect,7.8,HIGH,0.0016199999954551458,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28301,https://securityvulnerability.io/vulnerability/CVE-2022-28301,Remote Code Execution in Bentley MicroStation CONNECT,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code by exploiting the parsing process of IFC files. This occurs when the target users interact with malicious content, such as visiting compromised web pages or opening specially crafted files. The flaw results in a buffer overflow, enabling an attacker to write past the end of an allocated buffer and execute code within the context of the affected process, potentially leading to further exploitation.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28645,https://securityvulnerability.io/vulnerability/CVE-2022-28645,,This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16470.,Bentley,Microstation Connect,3.3,LOW,0.001769999973475933,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28641,https://securityvulnerability.io/vulnerability/CVE-2022-28641,Arbitrary Code Execution Vulnerability in Bentley MicroStation by Bentley,"This vulnerability in Bentley MicroStation CONNECT 10.16.02.34 allows remote attackers to execute arbitrary code by manipulating IFC files. Exploitation requires user interaction, such as visiting a malicious webpage or opening a compromised file. The vulnerability arises from insufficient validation of object existence during IFC file parsing, enabling attackers to run code in the application's process context.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28317,https://securityvulnerability.io/vulnerability/CVE-2022-28317,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code by exploiting a flaw in the parsing of IFC files. The exploit requires user interaction, as the target must either visit a malicious webpage or open a compromised file. The underlying issue stems from improper memory initialization before access. Successful exploitation permits an attacker to run code in the context of the current process, posing a significant security risk for users.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28642,https://securityvulnerability.io/vulnerability/CVE-2022-28642,Remote Code Execution Vulnerability in Bentley MicroStation by Bentley,"A vulnerability in Bentley MicroStation CONNECT 10.16.02.34 allows remote attackers to execute arbitrary code via specially crafted DGN files. Exploitation requires user interaction, including visiting a malicious webpage or opening a compromised file. The vulnerability arises from improper handling of buffer boundaries during DGN file parsing. Successful exploitation can allow an attacker to run arbitrary code in the context of the affected process.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28316,https://securityvulnerability.io/vulnerability/CVE-2022-28316,Remote Code Execution Vulnerability in Bentley MicroStation,"A vulnerability in Bentley MicroStation CONNECT enables remote attackers to execute arbitrary code. The flaw arises due to insufficient validation when parsing IFC files, allowing crafted data to cause a buffer overflow. This exploitation necessitates user interaction, as it requires the target to visit a malicious webpage or open a compromised file. Successful exploitation can result in the execution of code in the context of the current process, posing significant risks to the affected installations.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28647,https://securityvulnerability.io/vulnerability/CVE-2022-28647,Remote Code Execution Vulnerability in Bentley MicroStation by Bentley,"This vulnerability enables remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. Exploiting the flaw requires user interaction, as it involves the target visiting a malicious page or opening a crafted file. The vulnerability arises from improper parsing of IFC files, allowing specially crafted data to trigger a read beyond the end of an allocated buffer. Consequently, an attacker can execute code within the context of the current process, potentially compromising system integrity. For further details, refer to the sources provided.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28646,https://securityvulnerability.io/vulnerability/CVE-2022-28646,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability exposes Bentley MicroStation CONNECT installations to remote code execution threats, triggered when users interact with malicious IFC files. The flaw arises during the parsing process, where crafted data can lead to writing beyond allocated buffers. This allows attackers to execute arbitrary code within the context of the software, emphasizing the need for caution against suspicious files and links.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28319,https://securityvulnerability.io/vulnerability/CVE-2022-28319,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT by Bentley,"This vulnerability exposes Bentley MicroStation CONNECT to a remote code execution risk, enabling attackers to execute arbitrary code when users interact with malicious 3DM files. The flaw arises due to insufficient initialization of memory during file parsing, which can be exploited if a user opens a compromised file or visits a malicious webpage. This highlights the importance of maintaining vigilance and ensuring software is updated to mitigate potential threats.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28318,https://securityvulnerability.io/vulnerability/CVE-2022-28318,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"A security flaw in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code by manipulating IFC files. The vulnerability is triggered when users visit a malicious page or open a compromised IFC file, leading to a buffer overflow that can execute code within the current process's context. To mitigate risks, users should ensure they are using the latest software version and maintain awareness of suspicious files.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28302,https://securityvulnerability.io/vulnerability/CVE-2022-28302,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability affects installations of Bentley MicroStation CONNECT 10.16.02.34, allowing remote attackers to execute arbitrary code. Exploitation requires user interaction, as a user must visit a malicious webpage or open a specially crafted file. The flaw resides in the parsing of IFC files, where crafted data can cause a read past the end of an allocated buffer, enabling the execution of malicious code in the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28312,https://securityvulnerability.io/vulnerability/CVE-2022-28312,,This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342.,Bentley,Microstation Connect,3.3,LOW,0.001769999973475933,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28304,https://securityvulnerability.io/vulnerability/CVE-2022-28304,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"A remote code execution vulnerability exists in Bentley MicroStation CONNECT due to improper validation of user-supplied data when parsing OBJ files. An attacker could exploit this by enticing a user to visit a malicious web page or open a compromised file, leading to arbitrary code execution within the context of the affected application. The issue arises from insufficient checks on the length of data copied to a fixed-length buffer, highlighting the importance of robust input validation in software security.",Bentley,Microstation Connect,7.8,HIGH,0.0016199999954551458,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28315,https://securityvulnerability.io/vulnerability/CVE-2022-28315,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT Software,"A vulnerability in Bentley MicroStation CONNECT exists that permits remote attackers to execute arbitrary code. By exploiting a flaw in the IFC file parsing mechanism, an attacker can manipulate user-supplied data, allowing the execution of code within the context of the current process. This attack requires user interaction, as it necessitates the victim to either visit a malicious webpage or open an infected IFC file.",Bentley,Microstation Connect,7.8,HIGH,0.0016199999954551458,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28314,https://securityvulnerability.io/vulnerability/CVE-2022-28314,Remote Code Execution in Bentley MicroStation CONNECT Software,"A vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code. This issue arises during the parsing of IFC files, which may lead to a buffer overflow if crafted data is supplied. User interaction is necessary as victims must either visit a malicious webpage or open a contaminated file to trigger the exploit. Successful exploitation enables attackers to execute code within the context of the affected software process, potentially compromising system integrity.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28306,https://securityvulnerability.io/vulnerability/CVE-2022-28306,Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability exposes installations of Bentley MicroStation CONNECT to arbitrary code execution, enabling remote attackers to take control of the process. The exploit requires user interaction, as the target must open a malicious OBJ file. The flaw results from inadequate validation of user-supplied data length when parsing OBJ files, leading to potential buffer overflow conditions. An attacker can leverage this weakness to execute arbitrary code with the privileges of the current process, posing a significant risk to affected systems.",Bentley,Microstation Connect,7.8,HIGH,0.0016199999954551458,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28310,https://securityvulnerability.io/vulnerability/CVE-2022-28310,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT arises during the parsing of SKP files, where improper validation of object existence occurs. Consequently, an attacker can execute arbitrary code on affected systems by enticing a user to open a malicious file or visit a harmful webpage. User interaction is essential for exploiting this vulnerability, exploiting the flaw to perform unauthorized actions within the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28644,https://securityvulnerability.io/vulnerability/CVE-2022-28644,Remote Code Execution Vulnerability in Bentley MicroStation CONNECT,"This vulnerability in Bentley MicroStation CONNECT allows attackers to execute arbitrary code when a user interacts with a specially crafted DGN file. When an affected user opens a malformed DGN file or visits a malicious webpage, the flaw in the file parsing could cause an out-of-bounds write, leading to code execution in the context of the user process. Proper measures should be taken to avoid opening untrusted files to mitigate potential risks.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28643,https://securityvulnerability.io/vulnerability/CVE-2022-28643,Arbitrary Code Execution in Bentley MicroStation Software,"This vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code through specially crafted DGN files. The exploit requires user interaction, making it essential for the victim to open a malicious file or visit an infected page. The underlying issue arises from improper parsing that leads to a buffer overflow, enabling the execution of unauthorized commands within the context of the current process.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28313,https://securityvulnerability.io/vulnerability/CVE-2022-28313,,This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16343.,Bentley,Microstation Connect,3.3,LOW,0.001769999973475933,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-1229,https://securityvulnerability.io/vulnerability/CVE-2022-1229,Remote Code Execution Flaw in Bentley MicroStation by Bentley,"This vulnerability in Bentley MicroStation CONNECT allows remote attackers to execute arbitrary code. By enticing users to visit a malicious webpage or open a crafted file, attackers can exploit a flaw in IFC file parsing that leads to a buffer overflow. This vulnerability enables attackers to execute code within the context of the application process, posing significant risks to the integrity of affected systems. Users are advised to be cautious with unknown files and links.",Bentley,Microstation Connect,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-28T00:00:00.000Z,0
CVE-2022-41613,https://securityvulnerability.io/vulnerability/CVE-2022-41613,Out-of-Bounds Read Vulnerability in Bentley Systems MicroStation Connect Software,"Bentley Systems MicroStation Connect versions 10.17.0.209 and earlier are susceptible to an Out-of-Bounds Read vulnerability that occurs during the parsing of DGN files. This flaw may enable an attacker to crash the application, potentially reveal sensitive information, or even execute arbitrary code, posing serious risks to system integrity and security.",Bentley Systems,Microstation Connect,7.8,HIGH,0.004279999993741512,false,false,false,false,,false,false,2023-01-06T21:11:43.209Z,0
CVE-2022-40201,https://securityvulnerability.io/vulnerability/CVE-2022-40201,Stack-Based Buffer Overflow in Bentley Systems MicroStation Connect,"Bentley Systems MicroStation Connect versions prior to 10.17.0.209 are susceptible to a stack-based buffer overflow when processing malformed design (DGN) files. This vulnerability can potentially be exploited by attackers to execute arbitrary code, posing serious risks to system integrity and security.",Bentley Systems,Microstation Connect,7.8,HIGH,0.004000000189989805,false,false,false,false,,false,false,2023-01-06T21:10:43.968Z,0