Login Sign Up

CVE-2021-34941

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

CVE-2021-34941 is a stack-based buffer overflow vulnerability in Bentley View's JT file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JT files or visiting malicious web pages. Users of affected Bentley View versions are at risk.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing JT files.

📦 What is this software?

Bentley View by Bentley

View all CVEs affecting Bentley View →

Microstation by Bentley

View all CVEs affecting Microstation →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Local privilege escalation or malware installation on the victim's system, potentially leading to data exfiltration or persistence.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only application crash.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once malicious file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.61 and later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download latest Bentley View from official Bentley website. 2. Run installer. 3. Restart system after installation completes.

🔧 Temporary Workarounds

Disable JT file association

windows

Remove file type association for .jt files to prevent automatic opening in Bentley View

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose different application

Application sandboxing

windows

Run Bentley View in restricted environment or sandbox

🧯 If You Can't Patch

  • Implement strict file type filtering at email gateways and web proxies to block .jt files
  • Educate users to never open JT files from untrusted sources and implement application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version via Help > About. If version is 10.15.0.75 or earlier, system is vulnerable.

Check Version:

In Bentley View: Help > About

Verify Fix Applied:

Verify version is 10.16.0.61 or later in Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected process creation from Bentley View
  • Abnormal network connections from Bentley View process

Network Indicators:

  • Downloads of .jt files from suspicious sources
  • Outbound connections from Bentley View to unknown IPs

SIEM Query:

process_name:"Bentley View" AND (event_type:crash OR parent_process:unexpected)

📊 Metadata

CVE ID: CVE-2021-34941
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: January 13, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34941, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)