Security Alert – Web Services Gateway

Bentley’s Commitment to Security

Bentley is committed to the digital safety of our users and to protecting the integrity, availability, and confidentiality of our user’s data. This commitment includes timely communication of the vulnerabilities that arise in the ever-evolving IT security environment.

Notification of Vulnerability

Bentley’s security team recently discovered a vulnerability in Web Services Gateway (WSG) that could result in an unauthorized individual taking over part or all of a server running WSG. Bentley has not detected any exploitation of this vulnerability in a ProjectWise hosted system. However, as a precaution, we are in the process of upgrading all hosted systems to address the vulnerability.

Action Required for On-Premise ProjectWise Users

Mobile apps such as Edge or Worksite, PW Project Share Work Area Connection, or customizations using the WSG Toolkit or APIs all require WSG. To fully protect against the vulnerability, users with an on-premise ProjectWise environment should disable or upgrade their Web Services Gateway. Bentley’s security team advises users take action immediately. 

 As always, we recommend that users use the latest versions of our products. If your ProjectWise Design Integration version is older than 10.00.03.140, it is recommended, but not required, to upgrade to version 10.00.03.140 to take advantage of new capabilities and features. 

Questions?  For additional information please contact the ProjectWise Help Desk in your region or Submit a help ticket.

Sincerely,
The Bentley Security Team

Anonymous