CVE-2022-41613: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior contain an Out-of-Bounds Read vulnerability (CVE-2022-41613) when parsing DGN files. The vulnerability was discovered and reported to CISA by Michael Heinzl, and was assigned a CVSS v3 base score of 7.8 (CISA Advisory).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) and has been assigned a CVSS vector string of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required. The vulnerability occurs specifically during the parsing of DGN files in the MicroStation Connect software (CISA Advisory, Bentley Advisory).

Successful exploitation of this vulnerability may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code. The vulnerability affects critical manufacturing infrastructure sectors worldwide (CISA Advisory).

Bentley Systems has implemented multiple validation checks within the DGN platform when processing malformed DGNs. Users are recommended to update to MicroStation Connect Update 17.1 or later versions. Additionally, CISA recommends users avoid opening attachments in unsolicited email messages and follow proper social engineering attack prevention measures (CISA Advisory).