CVE-2021-34874 – CVE-2021-34874 is a memory corruption vulnerabi... (How to Fix)

Q: What is the severity of CVE-2021-34874?

CVE-2021-34874 has a CVSS score of 7.8 (HIGH). CVE-2021-34874 is a memory corruption vulnerability in Bentley View that allows remote code execution when processing malicious 3DS files. Attackers can exploit this by tricking users into opening specially crafted files or visiting malicious web pages. This affects users of Bentley View 10.15.0.75 who open untrusted 3DS files.

📋 TL;DR

CVE-2021-34874 is a memory corruption vulnerability in Bentley View that allows remote code execution when processing malicious 3DS files. Attackers can exploit this by tricking users into opening specially crafted files or visiting malicious web pages. This affects users of Bentley View 10.15.0.75 who open untrusted 3DS files.

💻 Affected Systems

Products:

Bentley View

Versions: 10.15.0.75

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the 3DS file parser component. All installations of the affected version are vulnerable by default when processing 3DS files.

📦 What is this software?

Bentley View by Bentley

View all CVEs affecting Bentley View →

Microstation by Bentley

View all CVEs affecting Microstation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or arbitrary code execution in the context of the current user, allowing attackers to steal sensitive data, install malware, or pivot to other systems.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash but no system compromise.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability was discovered by Zero Day Initiative (ZDI-CAN-14736) and weaponization is likely given the RCE nature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.02 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004

Restart Required: Yes

Instructions:

1. Download the latest version of Bentley View from Bentley's official website. 2. Run the installer and follow the upgrade process. 3. Restart the system to ensure all components are properly updated.

🔧 Temporary Workarounds

Disable 3DS file association

windows

Remove Bentley View as the default handler for .3ds files to prevent automatic exploitation

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .3ds > Change program > Choose another application

Application control policy

windows

Implement application whitelisting to prevent execution of untrusted Bentley View files

🧯 If You Can't Patch

Implement network segmentation to isolate systems running Bentley View from critical assets
Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version via Help > About. If version is 10.15.0.75, the system is vulnerable.

Check Version:

In Bentley View: Help > About or check program properties in Windows

Verify Fix Applied:

Verify Bentley View version is 10.16.02 or later via Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Application crashes of Bentley View with memory access violations
Unusual process creation from Bentley View executable
Failed attempts to load 3DS files

Network Indicators:

Downloads of 3DS files from untrusted sources
Outbound connections from Bentley View to suspicious IPs

SIEM Query:

Process Creation where Image contains 'BentleyView.exe' AND CommandLine contains '.3ds'

📊 Metadata

CVE ID: CVE-2021-34874

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: January 13, 2022

Last Updated: November 21, 2024

🔗 References

https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1461/ Third Party Advisory,VDB Entry
https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1461/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34874, you might also want to check these: