Login Sign Up

CVE-2022-43651

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected Bentley View installations by tricking users into opening malicious SKP files. The flaw exists in how Bentley View handles SKP file parsing, specifically a use-after-free condition that can be exploited to gain code execution. Users of vulnerable Bentley View versions are affected.

💻 Affected Systems

Products:
  • Bentley View
Versions: Versions prior to 10.16.03
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open malicious SKP file

📦 What is this software?

View by Bentley

View all CVEs affecting View →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to compromise of the user account and potentially the workstation, with possible data exfiltration or malware installation.

🟢

If Mitigated

Limited impact due to application sandboxing or restricted user privileges, potentially resulting in application crash rather than full compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction but the vulnerability is well-documented and weaponization is likely given the RCE potential

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.03 and later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/CVE-2022-43651

Restart Required: Yes

Instructions:

1. Download Bentley View version 10.16.03 or later from official Bentley website. 2. Run the installer. 3. Follow installation prompts. 4. Restart the application.

🔧 Temporary Workarounds

Disable SKP file association

windows

Remove Bentley View as the default handler for SKP files to prevent automatic opening

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .skp > Change program > Choose another application

User awareness training

all

Train users not to open SKP files from untrusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of malicious code
  • Use endpoint protection with behavioral analysis to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is earlier than 10.16.03, the system is vulnerable.

Check Version:

In Bentley View: Help > About

Verify Fix Applied:

Verify version is 10.16.03 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with SKP file processing
  • Unusual process creation from Bentley View executable

Network Indicators:

  • Outbound connections from Bentley View to unusual destinations
  • File downloads triggered by Bentley View

SIEM Query:

Process Creation where Image contains 'BentleyView.exe' and CommandLine contains '.skp'

📊 Metadata

CVE ID: CVE-2022-43651
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: May 7, 2024
Last Updated: August 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-43651, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)