CVE-2022-42901: n/a in n/a
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
AI Analysis
Technical Summary
CVE-2022-42901 is a high-severity vulnerability affecting Bentley MicroStation and MicroStation-based applications, including Bentley View. The vulnerability arises from out-of-bounds and stack overflow issues triggered when processing specially crafted XMT files. These file parsing flaws can be exploited by an attacker to cause memory corruption, potentially leading to arbitrary code execution or information disclosure. The vulnerability is classified under CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write), indicating that the software does not properly validate input data boundaries, allowing attackers to read or write memory outside the intended buffer. Exploitation requires the victim to open a maliciously crafted XMT file, which means user interaction is necessary. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction and local or network access. The fixed versions are MicroStation 10.17.01.58 and Bentley View 10.17.01.19, indicating that patches have been released but may not yet be widely deployed. No known exploits in the wild have been reported to date, but the potential for code execution makes this a critical issue for organizations using these products. Given the specialized nature of MicroStation in engineering, architecture, and infrastructure design, this vulnerability poses significant risks to organizations relying on these tools for critical design and operational workflows.
Potential Impact
For European organizations, the impact of CVE-2022-42901 can be substantial, especially for those in sectors such as civil engineering, construction, infrastructure management, and utilities where Bentley MicroStation is commonly used. Successful exploitation could lead to unauthorized disclosure of sensitive design data, intellectual property theft, or disruption of design processes through arbitrary code execution. This could result in project delays, financial losses, and damage to reputation. Additionally, compromised systems could be leveraged as footholds for further network intrusion, potentially affecting broader IT and OT environments. Given the critical nature of infrastructure projects in Europe and the reliance on precise design software, the vulnerability could also have downstream effects on public safety and regulatory compliance if exploited. The requirement for user interaction (opening a malicious file) somewhat limits the attack vector but does not eliminate risk, especially in environments where file sharing is common. The absence of known exploits suggests a window of opportunity for defenders to patch and mitigate before active attacks emerge.
Mitigation Recommendations
European organizations should prioritize updating Bentley MicroStation to version 10.17.01.58 and Bentley View to 10.17.01.19 or later to remediate this vulnerability. Beyond patching, organizations should implement strict controls on file provenance and scanning of XMT files before opening, including sandboxing or using isolated environments for opening files from untrusted sources. User training should emphasize the risks of opening files from unknown or unverified origins. Network segmentation can limit the impact of a compromised workstation. Additionally, monitoring for anomalous behavior related to MicroStation processes and employing endpoint detection and response (EDR) tools can help detect exploitation attempts. Organizations should also review and restrict permissions to minimize the ability of compromised applications to execute arbitrary code or escalate privileges. Regular vulnerability scanning and asset inventory to identify affected versions will ensure comprehensive coverage. Finally, coordination with software vendors and participation in information sharing groups can provide early warnings of emerging exploits.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden, Spain, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-13T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fa1484d88663aec4aa
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/4/2025, 7:28:02 PM
Last updated: 2/7/2026, 5:32:48 PM