CVE-2021-46572

7.8 HIGH

📋 TL;DR

This is a buffer overflow vulnerability in Bentley MicroStation CONNECT that allows remote code execution when a user opens a malicious JT file. Attackers can exploit it to run arbitrary code with the privileges of the current user. It affects users of Bentley MicroStation CONNECT who open untrusted JT files.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.0.80 and earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with JT file parsing enabled are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case: Malware installation or data exfiltration when users open malicious JT files from untrusted sources.

🟢 If Mitigated: Limited impact if users only open trusted files and proper endpoint protection is in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but these could be delivered via email, downloads, or compromised websites.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via phishing or compromised internal resources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious JT file is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.80 or later patched versions

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest version from Bentley's official website or update service.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Remove the JT file type association with MicroStation to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .jt > Change program > Choose another application

Block JT files at perimeter (all platforms)

Configure email and web gateways to block JT file attachments.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Restrict user privileges to limit potential damage from successful exploitation

🔍 How to Verify

Check if Vulnerable:

Check the MicroStation version via Help > About. If the version is 10.16.0.80 or earlier, the system is vulnerable.

Check Version:

In MicroStation: Help > About MicroStation

Verify Fix Applied:

Verify version is updated to 10.16.0.80 or later via Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Process crashes of MicroStation.exe
  • Unusual child processes spawned from MicroStation
  • Failed attempts to open corrupted JT files

Network Indicators:

  • Downloads of JT files from untrusted sources
  • Outbound connections from MicroStation to unknown IPs

SIEM Query:

Process Creation where Image contains 'MicroStation' and CommandLine contains '.jt'
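
The SIEM query and the "unusual child processes" log indicator above, written out as an added Python example (not part of the original page or any vendor tooling) that runs over process-creation records. The field names follow Sysmon Event ID 1; the install path is a placeholder, and the sample events and the empty child allowlist are assumptions. Unlike a plain "contains '.jt'" match, it only matches `.jt` at the end of an argument.

```python
import ntpath
import re

TARGET = "microstation.exe"    # process name taken from the log indicators above
# ".jt" closing an argument (before a quote, whitespace or end of line), any case
JT_ARG = re.compile(r'\.jt(?=["\s]|$)', re.IGNORECASE)
EXPECTED_CHILDREN = set()      # assumption: fill from your own baseline of benign children

def _name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return the indicator names that one process-creation event matches."""
    hits = []
    image = _name(event.get("Image"))
    parent = _name(event.get("ParentImage"))
    if image == TARGET and JT_ARG.search(event.get("CommandLine") or ""):
        hits.append("jt_file_opened")
    if parent == TARGET and image != TARGET and image not in EXPECTED_CHILDREN:
        hits.append("unexpected_child_process")
    return hits

def scan(events):
    """Return (image, indicators) for every event that matched something."""
    return [(e["Image"], classify(e)) for e in events if classify(e)]

# Constructed sample events; C:\Apps\PLACEHOLDER is not the real install path.
MS = r"C:\Apps\PLACEHOLDER\MicroStation.exe"
SAMPLE_EVENTS = [
    {"Image": MS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\PLACEHOLDER\MicroStation.exe" "C:\Users\user\Downloads\bracket.JT"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": MS,
     "CommandLine": "cmd.exe /c dir"},
    {"Image": MS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\PLACEHOLDER\MicroStation.exe" "C:\Projects\site.dgn"'},
    {"Image": MS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\PLACEHOLDER\MicroStation.exe" "C:\Projects\notes.jtx"'},
]

if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS):
        print(image, hits)
```

A JT open on its own is routine in CAD environments, so it is most useful when correlated with the child-process indicator or with the file's download origin.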
