CVE-2022-42899

7.8HIGH

Key Information:

Vendor: Bentley
Status: Microstation; View
Vendor: CVE Published:; 13 October 2022

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-42899
Created by iamsanjay

References

https://www.bentley.com/legal/common-vulnerability-exposu...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Oct 19, 2022
👾
Exploit known to exist
Oct 19, 2022
Vulnerability published
Oct 13, 2022
Vulnerability Reserved
Oct 13, 2022

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)