CVE-2022-28319: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2022-28319) affects Bentley MicroStation CONNECT version 10.16.02.034 and prior versions. The vulnerability was discovered in the parsing of 3DM files and was disclosed on April 5, 2022. The issue stems from the lack of proper initialization of memory prior to accessing it, which could allow remote attackers to execute arbitrary code on affected installations (Zero Day Initiative, Bentley Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of 3DM files and results from the lack of proper initialization of memory prior to accessing it. The vulnerability is tracked as ZDI-CAN-16340 and requires user interaction to exploit, specifically requiring the target to visit a malicious page or open a malicious file (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates that successful exploitation could lead to complete compromise of the affected system's confidentiality, integrity, and availability, though local access and user interaction are required (Zero Day Initiative, Bentley Advisory).

Bentley has released version 10.16.03.* and more recent versions to address this vulnerability. Users are recommended to update to the latest versions of MicroStation and MicroStation-based applications. As a general best practice, Bentley also recommends only opening 3DM files from trusted sources (Bentley Advisory).