CVE-2021-34929

7.8 HIGH

📋 TL;DR

CVE-2021-34929 is a buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit it by tricking users into opening malicious JT files, potentially compromising affected systems. This affects Bentley View 10.15.0.75 users who process JT files.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the JT file parsing component; exploitation requires user interaction to open malicious files.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive engineering data and potential system disruption.

🟢

If Mitigated

Limited impact with proper file validation and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once a malicious file is opened; weaponization is likely because technical details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.02 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest Bentley View installer from the Bentley website.
2. Run the installer with administrative privileges.
3. Follow the installation prompts.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable JT file association

windows

Prevent Bentley View from automatically opening JT files by changing file associations

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .jt association to Notepad or another safe viewer

Implement application whitelisting

windows

Restrict execution of Bentley View to trusted locations only

🧯 If You Can't Patch

  • Implement strict file validation policies to block untrusted JT files
  • Educate users about the risks of opening JT files from unknown sources

🔍 How to Verify

Check if Vulnerable:

Check the Bentley View version in Help > About; if the version is 10.15.0.75, the system is vulnerable.

Check Version:

wmic product where name="Bentley View" get version

Verify Fix Applied:

Verify version is 10.16.02 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Bentley View executable
  • Multiple failed JT file parsing attempts in application logs

Network Indicators:

  • Unexpected outbound connections from Bentley View process
  • JT file downloads from untrusted sources

SIEM Query:

Process Creation where Image contains "Bentley View" and CommandLine contains ".jt"
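
The SIEM query above only matches the viewer being started with a .jt argument; the "unusual process creation" log indicator is the separate case where the viewer is the parent. The sketch below is an added example, not vendor or project code, and applies both checks to process-creation records. The Sysmon-style field names, the `viewer.exe` file name, the untrusted-directory list and the sample events are all assumptions constructed for illustration.

```python
import re

MARKER = "bentley view"  # same substring the page's SIEM query matches in Image
# Assumption: locations treated as untrusted sources for .jt files.
UNTRUSTED = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\content.outlook\\")
# A .jt path on the command line, either quoted or as a bare token.
JT_ARG = re.compile(r'"([^"]+\.jt)"|(\S+\.jt)(?=\s|$)', re.IGNORECASE)


def jt_paths(command_line):
    """Return every .jt path passed on the command line."""
    return [quoted or bare for quoted, bare in JT_ARG.findall(command_line)]


def classify(event):
    """Return (finding, detail) tuples for one process-creation event."""
    image = event.get("Image", "").lower()
    parent = event.get("ParentImage", "").lower()
    findings = []
    if MARKER in image:
        for path in jt_paths(event.get("CommandLine", "")):
            p = path.lower()
            # UNC shares and download/temp/mail-cache folders rank higher.
            risky = p.startswith("\\\\") or any(d in p for d in UNTRUSTED)
            findings.append(("jt_from_untrusted_location" if risky else "jt_opened", path))
    elif MARKER in parent:
        # A file viewer has no routine reason to start other programs.
        findings.append(("child_of_viewer", event.get("Image", "")))
    return findings


# Constructed sample events; viewer.exe is a placeholder executable name.
VIEWER = r"C:\Program Files\Bentley\Bentley View\viewer.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"Image": VIEWER, "ParentImage": EXPLORER,
     "CommandLine": f'"{VIEWER}" "D:\\Projects\\plant\\pump.jt"'},
    {"Image": VIEWER, "ParentImage": EXPLORER,
     "CommandLine": f'"{VIEWER}" "C:\\Users\\eng1\\Downloads\\quote.jt"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": VIEWER,
     "CommandLine": "cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": EXPLORER,
     "CommandLine": "notepad.exe notes.jt"},
]

if __name__ == "__main__":
    for number, event in enumerate(SAMPLE_EVENTS, 1):
        print(number, classify(event))
```

Events classified as `child_of_viewer` or `jt_from_untrusted_location` are the ones to alert on; `jt_opened` is baseline activity that is useful for context during triage.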
