CVE-2021-46578

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious JT files in Bentley MicroStation CONNECT. Attackers can achieve code execution in the context of the current process, affecting all users of vulnerable versions who open untrusted JT files.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.0.80 and earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with JT file parsing capability are vulnerable by default when opening untrusted JT files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through remote code execution leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case: Malicious code execution with user privileges, potentially leading to data exfiltration, credential theft, or installation of persistent malware.

🟢 If Mitigated: Limited impact through application sandboxing or restricted user privileges, though still potentially damaging to user data and local system.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via email, downloads, or compromised websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared network drives containing malicious JT files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once a malicious JT file is opened. ZDI-CAN-15372 indicates professional vulnerability research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.80 or later with security updates

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0005

Restart Required: Yes

Instructions:

1. Download the latest MicroStation CONNECT update from Bentley Systems.
2. Install the update following vendor instructions.
3. Restart the application and system if prompted.

🔧 Temporary Workarounds

Disable JT file association (Windows)

Remove the JT file type association with MicroStation to prevent automatic opening.

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Remove .jt association

Application sandboxing (all platforms)

Run MicroStation in a restricted environment or sandbox.

🧯 If You Can't Patch

  • Implement strict file validation policies to block untrusted JT files
  • Use application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check MicroStation version: Help > About MicroStation CONNECT

Check Version:

In MicroStation: Help > About MicroStation CONNECT

Verify Fix Applied:

Verify version is 10.16.0.80 or later with security updates applied

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when parsing JT files
  • Unusual process creation from MicroStation
  • Failed file parsing attempts

Network Indicators:

  • Downloads of JT files from untrusted sources
  • External connections initiated by MicroStation process

SIEM Query:

Process Creation where ParentImage contains 'MicroStation' AND CommandLine contains '.jt'
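
The query above keys on the child's command line, so it does not fire when a MicroStation instance that was launched on a .jt file spawns a process whose arguments never mention that file. The following added example (not part of the original page or any vendor tooling) runs the literal query next to a correlation of the "Unusual process creation from MicroStation" indicator with the launch event. It assumes Sysmon Event ID 1 field names (Image, ParentImage, CommandLine, ProcessGuid, ParentProcessGuid); all paths, GUIDs and events are constructed.

```python
import re

# A .jt file name as a whole token (so .jtx does not match), case-insensitive.
JT_FILE = re.compile(r"\.jt(?=[\s\"']|$)", re.IGNORECASE)

def is_microstation(image):
    return "microstation" in (image or "").lower()

def page_query(e):
    """Literal form of the page's SIEM query, applied to one event."""
    return (e["EventID"] == 1 and is_microstation(e["ParentImage"])
            and ".jt" in e["CommandLine"].lower())

def children_of_jt_sessions(events):
    """Children of any MicroStation process that was started with a .jt file."""
    sessions = {e["ProcessGuid"]: e["CommandLine"] for e in events
                if e["EventID"] == 1 and is_microstation(e["Image"])
                and JT_FILE.search(e["CommandLine"])}
    return [{"child": e["Image"], "opened_with": sessions[e["ParentProcessGuid"]]}
            for e in events
            if e["EventID"] == 1 and e["ParentProcessGuid"] in sessions]

def ev(guid, parent_guid, image, parent_image, cmd):
    # Field names follow Sysmon Event ID 1 (process creation).
    return {"EventID": 1, "ProcessGuid": guid, "ParentProcessGuid": parent_guid,
            "Image": image, "ParentImage": parent_image, "CommandLine": cmd}

MS = r"C:\Apps\MicroStation\microstation.exe"   # constructed install path
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample events, not taken from a real host.
SAMPLE = [
    ev("{A1}", "{E0}", MS, EXPLORER, MS + r' "C:\Users\alice\Downloads\bracket.jt"'),
    ev("{C1}", "{A1}", r"C:\Windows\System32\cmd.exe", MS, "cmd.exe /c echo test"),
    ev("{A2}", "{E0}", MS, EXPLORER, MS + r' "C:\Projects\site.dgn"'),
    ev("{C2}", "{A2}", r"C:\Apps\Viewer\viewer.exe", MS, r'viewer.exe "C:\Projects\old.jt"'),
]

if __name__ == "__main__":
    for hit in children_of_jt_sessions(SAMPLE):
        print("correlated:", hit)
    print("page query:", [e["Image"] for e in SAMPLE if page_query(e)])
```

A JT file opened from inside an already running MicroStation session never appears on a command line, so neither rule sees it; the crash and network indicators listed above cover that path.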
