CVE-2021-34885

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious JT files in Bentley View. The flaw exists in JT file parsing where crafted data can trigger a buffer over-read, potentially leading to code execution in the current process context. Users of affected Bentley View versions are at risk.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and potentially earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable when processing JT files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, allowing an attacker to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Malware installation or data theft when users open malicious JT files from untrusted sources.

🟢 If Mitigated

Limited impact if users only open trusted files and the application runs with minimal privileges.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via web downloads or email attachments.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal resources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious JT file is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.80 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest Bentley View from the official Bentley website.
2. Install the update.
3. Restart the system.
4. Verify the version is 10.16.0.80 or higher.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Remove Bentley View as the default handler for .jt files to prevent automatic opening.

Windows: Control Panel > Default Programs > Set Associations > Remove .jt association with Bentley View

Application sandboxing (all platforms)

Run Bentley View with restricted privileges using application control or sandboxing.

🧯 If You Can't Patch

  • Implement strict file validation policies to block untrusted JT files
  • Use application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check the Bentley View version in Help > About. If the version is 10.15.0.75 or earlier, the system is vulnerable.

Check Version:

Windows: wmic product where name="Bentley View" get version

Verify Fix Applied:

Verify version is 10.16.0.80 or later in Help > About menu.
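
A fleet-wide form of the checks above, as an added example that is not part of the original advisory or any Bentley tooling: it classifies hosts from a software inventory export using numeric version comparison, because plain string comparison would rank 10.9.x above 10.16.x and report an old build as fixed. The CSV layout (Node, Name, Version), the host names and the "unconfirmed" status for builds between the two versions the page names are assumptions.

```python
import csv
import io

VULNERABLE_MAX = (10, 15, 0, 75)  # highest version the page lists as affected
FIXED_MIN = (10, 16, 0, 80)       # first version the page lists as patched

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """Node,Name,Version
WS-001,Bentley View,10.15.0.75
WS-002,Bentley View,10.16.0.80
WS-003,Bentley View,10.9.2.14
WS-004,Bentley View,10.16.0.12
WS-005,Bentley View,
WS-006,Other Viewer,1.0.0.0
"""

def parse_version(text):
    """Turn '10.16.0.80' into (10, 16, 0, 80), padding short versions with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 4 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected version: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version_text):
    """Map a version string to patched / vulnerable / unconfirmed / unknown."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"          # missing or malformed: check Help > About by hand
    if version >= FIXED_MIN:
        return "patched"
    if version <= VULNERABLE_MAX:
        return "vulnerable"
    return "unconfirmed"          # between the two builds the page names: not shown as fixed

def triage(inventory_csv):
    """Return {host: status} for every row whose product is Bentley View."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["Name"].strip() == "Bentley View":
            results[row["Node"]] = classify(row["Version"] or "")
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unconfirmed" or "unknown" should be treated as unpatched until the version is confirmed as 10.16.0.80 or later.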

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening JT files
  • Unusual process creation from Bentley View

Network Indicators:

  • Downloads of JT files from untrusted sources
  • Outbound connections from Bentley View to unknown IPs

SIEM Query:

process_name:"Bentley View" AND (event_type:crash OR (parent_process:explorer.exe AND child_process:cmd.exe))
