CVE-2021-34897
📋 TL;DR
CVE-2021-34897 is a buffer overflow vulnerability in Bentley View's DGN file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious DGN files, potentially compromising affected systems. Users of Bentley View 10.15.0.75 are primarily affected.
💻 Affected Systems
- Bentley View
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the affected system, data theft, and lateral movement within the network.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive files and system resources on the compromised machine.
If Mitigated
Limited impact with application crash or denial of service if exploit attempts are blocked by security controls.
🎯 Exploit Status
Exploitation requires user interaction but is technically straightforward once a malicious file is opened. The vulnerability was discovered by Zero Day Initiative (ZDI-CAN-14864).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Bentley View version 10.16.02.58 or later
Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0009
Restart Required: Yes
Instructions:
1. Download the latest version from Bentley's official website.
2. Run the installer.
3. Restart the system after installation completes.
🔧 Temporary Workarounds
Block DGN file extensions
Platform: Windows. Prevent execution of DGN files via Group Policy or application control.
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule. Path: *.dgn; Security Level: Disallowed.
User awareness training
Platform: all. Educate users not to open DGN files from untrusted sources.
🧯 If You Can't Patch
- Implement application whitelisting to block Bentley View execution
- Deploy network segmentation to isolate systems running vulnerable software
🔍 How to Verify
Check if Vulnerable:
Check Bentley View version: Open Bentley View > Help > About Bentley View. If version is 10.15.0.75, the system is vulnerable.
Check Version:
In Bentley View: Help > About Bentley View
Verify Fix Applied:
Verify version is 10.16.02.58 or later in Help > About Bentley View. Test opening known safe DGN files to ensure functionality.
📡 Detection & Monitoring
Log Indicators:
- Application crashes of Bentley View with memory access violations
- Unexpected process creation from Bentley View executable
Network Indicators:
- Downloads of DGN files from untrusted sources
- Outbound connections from Bentley View to suspicious IPs
SIEM Query:
(EventID=1000 OR EventID=1001) AND Source='Bentley View' AND (FaultingModule LIKE '%dgn%' OR ExceptionCode=0xc0000005)
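An added example, not part of the advisory or Bentley's software, showing the SIEM rule above applied with explicit precedence to crash events, together with the numeric version comparison from "How to Verify". The event records, executable name and module name are constructed and hypothetical.

```python
"""Triage of Windows Application Error events for Bentley View crashes that
match the advisory's indicators (faulting module containing 'dgn' or an
access-violation exception), plus the version check from "How to Verify".
The sample events below are constructed for this example, not real telemetry."""
import re

FIXED_VERSION = (10, 16, 2, 58)   # 10.16.02.58 from the advisory
ACCESS_VIOLATION = 0xC0000005     # STATUS_ACCESS_VIOLATION

# Constructed records shaped like parsed Windows "Application Error" (1000)
# events; executable and module names are hypothetical, not Bentley's.
SAMPLE_EVENTS = [
    {"EventID": 1000, "FaultingApplication": "BentleyView.exe",
     "FaultingModule": "dgnfileio.dll", "ExceptionCode": "0xc0000005"},
    {"EventID": 1000, "FaultingApplication": "BentleyView.exe",
     "FaultingModule": "ntdll.dll", "ExceptionCode": "0xc0000005"},
    {"EventID": 1000, "FaultingApplication": "notepad.exe",
     "FaultingModule": "dgnfileio.dll", "ExceptionCode": "0xc0000005"},
    {"EventID": 1000, "FaultingApplication": "BentleyView.exe",
     "FaultingModule": "kernelbase.dll", "ExceptionCode": "0xe0434352"},
    {"EventID": 4688, "FaultingApplication": "", "FaultingModule": "",
     "ExceptionCode": ""},
]

def is_patched(version: str) -> bool:
    """Numeric comparison so '10.16.02.58' is not judged as a string."""
    parts = tuple(int(p) for p in version.split("."))
    return parts >= FIXED_VERSION

def is_suspicious_crash(event: dict) -> bool:
    """The advisory's SIEM rule with explicit precedence:
    (ID 1000 or 1001) AND Bentley View faulted AND
    (module name contains 'dgn' OR exception is an access violation)."""
    if event.get("EventID") not in (1000, 1001):
        return False
    if not re.search(r"bentley ?view", event.get("FaultingApplication", ""), re.I):
        return False
    module_hit = "dgn" in event.get("FaultingModule", "").lower()
    try:
        code = int(event.get("ExceptionCode") or "0", 16)
    except ValueError:
        code = 0
    return module_hit or code == ACCESS_VIOLATION

def triage(events: list) -> list:
    return [e for e in events if is_suspicious_crash(e)]

if __name__ == "__main__":
    for e in triage(SAMPLE_EVENTS):
        print(f"ALERT: {e['FaultingApplication']} faulted in {e['FaultingModule']} ({e['ExceptionCode']})")
```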