CVE-2022-35905: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. The vulnerability was assigned CVE-2022-35905 and was disclosed on July 13, 2022 (Vendor Advisory).

The vulnerability is an out-of-bounds read issue that occurs during the parsing of FBX files in MicroStation and MicroStation-based applications. The CVSS v3.1 base score is 3.3 (LOW) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates the attack requires local access and user interaction, with potential low impact on confidentiality but no impact on integrity or availability (NVD).

Exploitation of these vulnerabilities within the parsing of FBX files could enable an attacker to read information in the context of the current process, potentially leading to information disclosure (Vendor Advisory).

Bentley recommends updating to MicroStation version 10.17.0.x or later and Bentley View version 10.17.0.x or later. As a general best practice, it is also recommended to only open FBX files coming from trusted sources (Vendor Advisory).