CVE-2021-46582 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2021-46582?

CVE-2021-46582 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious JP2 image files in Bentley MicroStation CONNECT. Attackers can gain code execution in the context of the current process. Users of affected Bentley MicroStation versions are at risk.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious JP2 image files in Bentley MicroStation CONNECT. Attackers can gain code execution in the context of the current process. Users of affected Bentley MicroStation versions are at risk.

💻 Affected Systems

Products:

Bentley MicroStation CONNECT

Versions: 10.16.0.80 and earlier versions

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with JP2 file parsing capability are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within networks.

🟠

Likely Case

Local privilege escalation or malware installation on individual workstations when users open malicious JP2 files from untrusted sources.

🟢

If Mitigated

No impact if proper patching and security controls prevent execution of malicious files.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via web downloads or email attachments.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) but the vulnerability itself is unauthenticated. Was reported through ZDI-CAN-15376.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 10.16.1.0 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0008

Restart Required: Yes

Instructions:

1. Download latest MicroStation CONNECT update from Bentley's official website. 2. Run the installer with administrative privileges. 3. Restart the application and any related services.

🔧 Temporary Workarounds

Disable JP2 file association

windows

Remove JP2 file type association with MicroStation to prevent automatic opening

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Remove .jp2 association

Application whitelisting

all

Restrict execution of MicroStation to trusted directories only

🧯 If You Can't Patch

Implement strict email filtering to block JP2 attachments
Educate users to never open JP2 files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check MicroStation version: Open MicroStation > Help > About > Version number

Check Version:

Windows: wmic product where name="MicroStation" get version

Verify Fix Applied:

Verify version is 10.16.1.0 or higher in About dialog

📡 Detection & Monitoring

Log Indicators:

Application crashes when processing JP2 files
Unexpected process creation from MicroStation

Network Indicators:

Downloads of JP2 files from untrusted sources
Outbound connections from MicroStation to unknown IPs

SIEM Query:

Process Creation where Image contains "MicroStation" AND ParentImage contains "explorer.exe"

📊 Metadata

CVE ID: CVE-2021-46582

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: February 18, 2022

Last Updated: November 21, 2024

🔗 References

https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0008 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-169/ Third Party Advisory,VDB Entry
https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0008 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-169/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46582, you might also want to check these: