CVE-2022-35905

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of FBX files could enable an attacker to read information in the context of the current process.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0012	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bentley:microstation::::::::
	cpe:2.3:a:bentley:view::::::::

History

21 Jul 2022, 14:40

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3
First Time		Bentley view Bentley microstation Bentley
CWE		CWE-125
CPE		cpe:2.3:a:bentley:view:::::::: cpe:2.3:a:bentley:microstation::::::::
References	~~(MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0012 -~~	(MISC) https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0012 - Vendor Advisory

15 Jul 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-15 23:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-35905

Mitre link : CVE-2022-35905

CVE.ORG link : CVE-2022-35905

JSON object : View

Products Affected

bentley

view
microstation

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2022-35905", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-07-15T23:15:08.580", "references": [{"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0012", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of FBX files could enable an attacker to read information in the context of the current process."}, {"lang": "es", "value": "Se ha detectado un problema en Bentley MicroStation versiones anteriores a 10.17.0.x y en Bentley View versiones anteriores a 10.17.0.x. El uso de una versi\u00f3n afectada de MicroStation o de una aplicaci\u00f3n basada en MicroStation para abrir un archivo FBX que contenga datos dise\u00f1ados puede forzar una lectura fuera de l\u00edmites. Una explotaci\u00f3n de estas vulnerabilidades en el an\u00e1lisis de archivos FBX podr\u00eda permitir a un atacante leer informaci\u00f3n en el contexto del proceso actual"}], "lastModified": "2022-07-21T14:40:42.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bentley:microstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FBF5B77-F4D2-4334-87B5-8AAE19633943", "versionEndExcluding": "10.17.0"}, {"criteria": "cpe:2.3:a:bentley:view:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9FC567-F77F-405F-8680-441DF4D898D6", "versionEndExcluding": "10.17.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}