CVE-2022-35903

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0010	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bentley:microstation::::::::
	cpe:2.3:a:bentley:view::::::::

History

21 Jul 2022, 14:41

Type	Values Removed	Values Added
First Time		Bentley view Bentley microstation Bentley
References	~~(MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0010 -~~	(MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0010 - Vendor Advisory
CPE		cpe:2.3:a:bentley:view:::::::: cpe:2.3:a:bentley:microstation::::::::
CWE		CWE-125
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3

15 Jul 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-15 23:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-35903

Mitre link : CVE-2022-35903

CVE.ORG link : CVE-2022-35903

JSON object : View

Products Affected

bentley

view
microstation

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2022-35903", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-07-15T23:15:08.480", "references": [{"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0010", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process."}, {"lang": "es", "value": "Se ha detectado un problema en Bentley MicroStation versiones anteriores a 10.17.0.x y en Bentley View versiones anteriores a 10.17.0.x. El uso de una versi\u00f3n afectada de MicroStation o de una aplicaci\u00f3n basada en MicroStation para abrir un archivo 3DS que contenga datos dise\u00f1ados puede forzar una lectura fuera de l\u00edmites. Una explotaci\u00f3n de estas vulnerabilidades en el an\u00e1lisis de archivos 3DS podr\u00eda permitir a un atacante leer informaci\u00f3n en el contexto del proceso actual"}], "lastModified": "2022-07-21T14:41:27.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bentley:microstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBF5B77-F4D2-4334-87B5-8AAE19633943", "versionEndExcluding": "10.17.0"}, {"criteria": "cpe:2.3:a:bentley:view:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9FC567-F77F-405F-8680-441DF4D898D6", "versionEndExcluding": "10.17.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}