OpenCVE

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bentley	Microstation View

Configuration 1 [-]

OR	cpe:2.3:a:bentley:microstation::::::::
	cpe:2.3:a:bentley:view::::::::

No data.

References

Link	Providers
https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0019/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-13T00:00:00

Updated: 2024-08-03T13:19:05.232Z

Reserved: 2022-10-13T00:00:00

Link: CVE-2022-42900

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-13T03:15:08.937

Modified: 2024-11-21T07:25:33.797

Link: CVE-2022-42900

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bentley:microstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E9D895-184B-4BA4-A700-9315436D1A92", "versionEndExcluding": "10.17.01.58", "vulnerable": true}, {"criteria": "cpe:2.3:a:bentley:view:*:*:*:*:*:*:*:*", "matchCriteriaId": "A05A8ED6-E7AA-46DD-ABB2-CFB19F53D2DD", "versionEndExcluding": "10.17.01.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View."}, {"lang": "es", "value": "Las aplicaciones de Bentley MicroStation y basadas en MicroStation pueden verse afectadas por problemas de lectura fuera de l\u00edmites cuando abren archivos FBX dise\u00f1ados. La explotaci\u00f3n de estos problemas podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n y una ejecuci\u00f3n de c\u00f3digo. Las versiones corregidas son 10.17.01.58* para MicroStation y 10.17.01.19* para Bentley View"}], "id": "CVE-2022-42900", "lastModified": "2024-11-21T07:25:33.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-13T03:15:08.937", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0019/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.bentley.com/legal/common-vulnerability-exposure-be-2022-0019/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}