CVE-2022-28306 in MicroStation CONNECTinfo

Summary

by MITRE • 03/29/2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-16174.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 05/17/2026

The vulnerability identified as CVE-2022-28306 represents a critical buffer overflow flaw within Bentley MicroStation CONNECT version 10.16.02.034, a widely used computer-aided design software in engineering and construction sectors. This vulnerability falls under the Common Weakness Enumeration category CWE-121, which specifically addresses stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations. The flaw manifests during the parsing of OBJ files, which are standard 3D model formats commonly exchanged between different CAD applications, making this attack vector particularly dangerous in professional environments where file sharing is routine.

The technical implementation of this vulnerability stems from inadequate input validation during the processing of user-supplied data within the OBJ file parser. When the software encounters an OBJ file, it attempts to copy data into a fixed-length stack-based buffer without properly verifying the length of the incoming data. This fundamental flaw allows an attacker to craft a malicious OBJ file containing oversized data sequences that exceed the allocated buffer space. The stack-based nature of the buffer makes this particularly severe as it can overwrite adjacent memory locations including return addresses, function pointers, and other critical execution context information. The vulnerability specifically aligns with ATT&CK technique T1203, which describes exploitation of software vulnerabilities through manipulation of input data to achieve arbitrary code execution.

The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with the ability to operate within the security context of the currently running MicroStation process. This means that successful exploitation could lead to complete system compromise, data exfiltration, or the installation of persistent backdoors within engineering environments where MicroStation is commonly deployed. The requirement for user interaction through visiting malicious web pages or opening malicious files makes this vulnerability particularly challenging to defend against, as it relies on social engineering tactics that can bypass traditional network-based security controls. Organizations using Bentley MicroStation in their design workflows face significant risk, especially in environments where collaboration involves sharing design files with external partners or where users may encounter malicious files through web browsing activities.

Mitigation strategies for CVE-2022-28306 should prioritize immediate patch deployment from Bentley Systems, as this represents a critical vulnerability requiring urgent attention. Network administrators should implement strict file validation policies that prevent automatic execution of OBJ files from untrusted sources and consider deploying web application firewalls to block malicious file downloads. The principle of least privilege should be enforced by running MicroStation with reduced permissions and implementing application whitelisting controls to prevent unauthorized code execution. Additionally, security awareness training for engineering teams should emphasize the dangers of opening unknown files and visiting suspicious websites. Organizations should also consider implementing endpoint detection and response solutions that can monitor for anomalous behavior patterns consistent with buffer overflow exploitation attempts, particularly around memory manipulation activities and unexpected process execution. The vulnerability's classification as a remote code execution flaw underscores the importance of maintaining current threat intelligence feeds and ensuring that all engineering software installations receive timely security updates to protect against similar zero-day exploits.

Reservation

03/31/2022

Disclosure

03/29/2023

Moderation

accepted

CPE

ready

EPSS

0.00897

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!