Multiple vulnerabilities in BENTLEY MicroStation and Bentley View
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 30 |
| CVE-ID | CVE-2022-28303 CVE-2022-28310 CVE-2022-28313 CVE-2022-28312 CVE-2022-28309 CVE-2022-28308 CVE-2021-46646 CVE-2022-28311 CVE-2022-28307 CVE-2022-28302 CVE-2022-28301 CVE-2022-28318 CVE-2022-28317 CVE-2022-28316 CVE-2022-28315 CVE-2022-28314 CVE-2022-28300 CVE-2022-28306 CVE-2022-28305 CVE-2022-28304 CVE-2022-28645 CVE-2022-28646 CVE-2022-28641 CVE-2022-28647 CVE-2022-28320 CVE-2022-28643 CVE-2022-28644 CVE-2022-1229 CVE-2022-28642 |
| CWE-ID | CWE-416 CWE-125 CWE-787 CWE-94 CWE-121 CWE-119 CWE-457 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
MicroStation Universal components / Libraries / Software for developers Bentley View Client/Desktop applications / Office applications |
| Vendor | BENTLEY SYSTEMS |
Security Bulletin
This security bulletin contains information about 30 vulnerabilities.
Updated 25.04.2022
Added vulnerabilities #21-30
1) Use-after-free
EUVDB-ID: #VU61954
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28303
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted SKP file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0009
https://www.zerodayinitiative.com/advisories/ZDI-22-596/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU61955
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28310
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted SKP file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0009
https://www.zerodayinitiative.com/advisories/ZDI-22-590/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU61974
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-28313
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted 3DS file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003
https://www.zerodayinitiative.com/advisories/ZDI-22-603/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU61973
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-28312
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted 3DS file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003
https://www.zerodayinitiative.com/advisories/ZDI-22-602/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU61972
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-28309
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted 3DS file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003
https://www.zerodayinitiative.com/advisories/ZDI-22-600/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU61971
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-28308
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted 3DS file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003
https://www.zerodayinitiative.com/advisories/ZDI-22-599/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU61969
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-46646
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DGN file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0004
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU61968
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-28311
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0005
https://www.zerodayinitiative.com/advisories/ZDI-22-601/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU61967
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-28307
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted DXF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0005
https://www.zerodayinitiative.com/advisories/ZDI-22-598/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Code Injection
EUVDB-ID: #VU61966
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28302
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick a victim to open a specially crafted IFC file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
https://www.zerodayinitiative.com/advisories/ZDI-22-614/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Code Injection
EUVDB-ID: #VU61965
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28301
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick a victim to open a specially crafted IFC file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
https://www.zerodayinitiative.com/advisories/ZDI-22-612/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Code Injection
EUVDB-ID: #VU61964
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28318
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick a victim to open a specially crafted IFC file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
https://www.zerodayinitiative.com/advisories/ZDI-22-618/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Code Injection
EUVDB-ID: #VU61963
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28317
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick a victim to open a specially crafted IFC file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Code Injection
EUVDB-ID: #VU61962
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28316
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick a victim to open a specially crafted IFC file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
https://www.zerodayinitiative.com/advisories/ZDI-22-607/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Code Injection
EUVDB-ID: #VU61961
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28315
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick a victim to open a specially crafted IFC file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
https://www.zerodayinitiative.com/advisories/ZDI-22-606/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Code Injection
EUVDB-ID: #VU61960
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28314
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick a victim to open a specially crafted IFC file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
https://www.zerodayinitiative.com/advisories/ZDI-22-605/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds write
EUVDB-ID: #VU61959
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28300
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted JP2 file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0007
https://www.zerodayinitiative.com/advisories/ZDI-22-592/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Stack-based buffer overflow
EUVDB-ID: #VU61958
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28306
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trick a victim to open a specially crafted OBJ file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0008
https://www.zerodayinitiative.com/advisories/ZDI-22-595/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Stack-based buffer overflow
EUVDB-ID: #VU61957
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28305
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trick a victim to open a specially crafted OBJ file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0008
https://www.zerodayinitiative.com/advisories/ZDI-22-593/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Stack-based buffer overflow
EUVDB-ID: #VU61956
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28304
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trick a victim to open a specially crafted OBJ file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0008
https://www.zerodayinitiative.com/advisories/ZDI-22-594/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU62542
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-28645
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the parsing of DGN files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-610/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0004
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Buffer overflow
EUVDB-ID: #VU62538
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28646
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the parsing of IFC files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-616/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Buffer overflow
EUVDB-ID: #VU62537
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28641
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the parsing of IFC files. A remote attacker can create a specially file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBentley View: 10.16.02
MicroStation: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-613/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Buffer overflow
EUVDB-ID: #VU62536
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28647
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the parsing of IFC files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-617/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use of Uninitialized Variable
EUVDB-ID: #VU62534
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28320
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
MitigationInstall updates from vendor's website.
Vulnerable software versionsBentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-597/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0002
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds write
EUVDB-ID: #VU62543
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28643
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of DGN files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-609/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0004
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds write
EUVDB-ID: #VU62541
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28644
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of DGN files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-611/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0004
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU62539
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-1229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the parsing of IFC files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-615/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds write
EUVDB-ID: #VU62544
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28642
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of DGN files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBentley View: 10.16.02
MicroStation: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-608/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0004
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use of Uninitialized Variable
EUVDB-ID: #VU62545
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to parsing uninitialized variable within the IFC files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicroStation: 10.16.02
Bentley View: 10.16.02
CPE2.3- cpe:2.3:a:bentley_systems:microstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:microstation:10.16.02:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:*:*:*:*:*:*:*:*
- cpe:2.3:a:bentley_systems:bentley_view:10.16.02:*:*:*:*:*:*:*
https://www.zerodayinitiative.com/advisories/ZDI-22-604/
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
