CVE-2022-35904: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. The vulnerability was disclosed on July 13, 2022 (Vendor Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability that occurs during the parsing of IFC files. It has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is tracked as CWE-125 (Out-of-bounds Read) (NVD).

Exploitation of this vulnerability within the parsing of IFC files could enable an attacker to read information in the context of the current process, potentially leading to information disclosure (Vendor Advisory).

Bentley recommends updating to MicroStation version 10.17.0.x or later and Bentley View version 10.17.0.x or later. As a general best practice, it is also recommended to only open IFC files coming from trusted sources (Vendor Advisory).