CVE-2021-34921

7.8 HIGH

📋 TL;DR

CVE-2021-34921 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files, potentially compromising their systems. This affects users of Bentley View 10.15.0.75 who open untrusted JT files.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Bentley View is installed and users open JT files from untrusted sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining full control of the victim's machine, data theft, and lateral movement within the network.

🟠 Likely Case: Malware installation, data exfiltration, or ransomware deployment on individual workstations running Bentley View.

🟢 If Mitigated: Limited impact with proper network segmentation, application sandboxing, and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (opening a malicious file). An exploit likely exists in the wild, given the nature of the vulnerability and the ZDI disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.02 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest Bentley View from the official Bentley website.
2. Run the installer.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Remove Bentley View as the default handler for .jt files to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose another application

Application sandboxing (Windows)

Run Bentley View in a restricted environment to limit the impact of exploitation.

🧯 If You Can't Patch

  • Implement strict email filtering to block JT attachments
  • Use application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.15.0.75, system is vulnerable.

Check Version:

Not applicable - check via GUI in Help > About

Verify Fix Applied:

Verify version is 10.16.02 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Process crashes of Bentley View
  • Unusual child processes spawned from Bentley View
  • Failed attempts to open corrupted JT files

Network Indicators:

  • Outbound connections from Bentley View to unknown IPs
  • Unusual data exfiltration patterns

SIEM Query:

(Process: BentleyView.exe AND EventID: 1000) OR ParentProcess: BentleyView.exe
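
The crash and child-process indicators above, applied to normalised events, as an added example that is not part of the advisory or Bentley's own tooling. Only the process name BentleyView.exe and Event ID 1000 come from this page; the field names, hosts, paths and the use of Event ID 1 for process creation (as in Sysmon) are assumptions, and the sample events are constructed.

```python
import ntpath

TARGET = "bentleyview.exe"  # process name from the page's SIEM query, lower-cased

# Constructed sample events, not real telemetry. Field names and paths are
# assumptions modelled on Application Error (Event ID 1000) and Sysmon
# process-creation (Event ID 1) records after normalisation.
SAMPLE_EVENTS = [
    {"host": "ws-014", "event_id": 1000, "image": r"C:\Apps\Bentley\BentleyView.exe"},
    {"host": "ws-014", "event_id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Apps\Bentley\BENTLEYVIEW.EXE"},
    {"host": "ws-020", "event_id": 1000, "image": r"C:\Apps\Other\viewer.exe"},
    {"host": "ws-020", "event_id": 1, "image": r"C:\Apps\Bentley\BentleyView.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "ws-031", "event_id": 1, "image": r"C:\Windows\System32\notepad.exe"},
]


def exe_name(path):
    """Lower-cased file name of a Windows path; empty string if missing."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return 'crash', 'child_process' or None for one normalised event."""
    if event.get("event_id") == 1000 and exe_name(event.get("image")) == TARGET:
        return "crash"
    # Match on the parent, not the process itself: in a process-creation
    # record the process field names the child.
    if event.get("event_id") == 1 and exe_name(event.get("parent_image")) == TARGET:
        return "child_process"
    return None


def hunt(events):
    """Return (host, indicator, process name) for every matching event."""
    hits = []
    for event in events:
        kind = classify(event)
        if kind:
            hits.append((event.get("host"), kind, exe_name(event.get("image"))))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

A normal launch of the viewer (parent explorer.exe) and a crash of an unrelated application are both ignored, so only the two ws-014 events are reported.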
