CVE-2022-42899 is a high-severity vulnerability affecting Bentley MicroStation and MicroStation-based applications, including Bentley View. The vulnerability arises from out-of-bounds read and stack overflow issues triggered when the software opens specially crafted SKP files. These memory corruption flaws can be exploited by an attacker to cause information disclosure and potentially achieve remote code execution. The vulnerability is classified under CWE-125 (Out-of-bounds Read), indicating that the software reads data outside the bounds of allocated memory, which can lead to leakage of sensitive information or destabilization of the program. The stack overflow aspect further increases the risk by allowing an attacker to overwrite control data on the stack, facilitating arbitrary code execution. Exploitation requires the victim to open a malicious SKP file, which implies user interaction is necessary. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. The vulnerability affects versions prior to 10.17.01.58 for MicroStation and 10.17.01.19 for Bentley View, which have released patches to address these issues. No known exploits are currently reported in the wild, but the severity and nature of the vulnerability suggest that it could be targeted by threat actors, especially in environments where these applications are widely used.

For European organizations, the impact of CVE-2022-42899 can be significant, particularly for those in sectors relying heavily on Bentley MicroStation software, such as architecture, engineering, construction, and infrastructure management. Successful exploitation could lead to unauthorized disclosure of sensitive design and project data, intellectual property theft, and disruption of critical design workflows. The possibility of remote code execution elevates the risk to system compromise, potentially allowing attackers to deploy malware, move laterally within networks, or exfiltrate data. Given that these applications often operate within enterprise environments handling critical infrastructure projects, the vulnerability could affect operational continuity and confidentiality of sensitive national or corporate projects. The requirement for user interaction (opening a malicious SKP file) means that targeted phishing or social engineering campaigns could be used to deliver the exploit payload. The high CVSS score underscores the criticality of timely patching to prevent exploitation. Additionally, the lack of known exploits in the wild currently provides a window for proactive defense before active attacks emerge.

European organizations should prioritize the following specific mitigation steps: 1) Immediate patching: Deploy the fixed versions 10.17.01.58 or later for MicroStation and 10.17.01.19 or later for Bentley View across all affected systems. 2) File handling policies: Restrict or monitor the receipt and opening of SKP files from untrusted or external sources, including email attachments and downloads. 3) User awareness training: Educate users on the risks of opening unsolicited or suspicious SKP files and implement phishing awareness programs to reduce the likelihood of social engineering attacks. 4) Application whitelisting: Use application control to limit execution of unauthorized software and scripts that could facilitate exploitation. 5) Network segmentation: Isolate systems running MicroStation to limit lateral movement in case of compromise. 6) Monitoring and detection: Implement logging and anomaly detection focused on file access and application crashes related to MicroStation to identify potential exploitation attempts. 7) Incident response readiness: Prepare response plans specific to this vulnerability, including forensic analysis of SKP files and affected systems. These targeted measures complement general cybersecurity hygiene and help mitigate the specific risks posed by this vulnerability.