Login Sign Up

CVE-2021-34880

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious 3DS files in Bentley View. It affects users of Bentley View 10.15.0.75 who open untrusted 3DS files, potentially leading to full system compromise.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable when processing 3DS files.

📦 What is this software?

Bentley View by Bentley

View all CVEs affecting Bentley View →

Microstation by Bentley

View all CVEs affecting Microstation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, and lateral movement within the network.

🟠

Likely Case

Malware installation, data exfiltration, or ransomware deployment on the affected workstation.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only application crash.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but could be delivered via email or web downloads.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files shared via internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.61 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0004

Restart Required: Yes

Instructions:

1. Download latest Bentley View from official Bentley website. 2. Install the update. 3. Restart the application. 4. Verify version is 10.16.0.61 or higher.

🔧 Temporary Workarounds

Block 3DS file extensions

windows

Prevent Bentley View from opening .3ds files via file association changes.

Windows: assoc .3ds=
Windows: ftype 3dsfile=

Application sandboxing

all

Run Bentley View in restricted environment to limit potential damage.

🧯 If You Can't Patch

  • Implement strict file type policies to block .3ds files at email gateways and web proxies.
  • Run Bentley View with minimal user privileges and in isolated environments.

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is exactly 10.15.0.75, system is vulnerable.

Check Version:

On Windows: wmic product where name="Bentley View" get version

Verify Fix Applied:

Verify version is 10.16.0.61 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening 3DS files
  • Unusual process creation from Bentley View

Network Indicators:

  • Outbound connections from Bentley View to unknown IPs
  • DNS requests for suspicious domains after file open

SIEM Query:

process_name:"Bentley View.exe" AND (event_id:1000 OR event_id:1001) OR process_parent:"Bentley View.exe" AND process_name NOT IN (allowed_list)

📊 Metadata

CVE ID: CVE-2021-34880
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: January 13, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34880, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)