CVE-2021-46627

7.8 HIGH

📋 TL;DR

This vulnerability in Bentley View allows remote attackers to execute arbitrary code by tricking users into opening malicious DXF files. The flaw exists in DXF file parsing where the software fails to validate object existence before operations, leading to use-after-free conditions. Users of affected Bentley View versions are at risk.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing DXF files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

The attacker executes malicious code in the context of the current user, potentially stealing sensitive design files, installing malware, or compromising the workstation.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing the application.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious file) but the vulnerability itself is unauthenticated. The CWE-416 (Use After Free) pattern is commonly exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.61 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0011

Restart Required: Yes

Instructions:

1. Download the latest Bentley View from the official Bentley website.
2. Run the installer.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable DXF file association (Windows)

Prevent Bentley View from automatically opening DXF files:

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .dxf to open with a different application

Application sandboxing (Windows)

Run Bentley View in a restricted environment.

🧯 If You Can't Patch

  • Implement strict email filtering to block DXF attachments from untrusted sources
  • Educate users to never open DXF files from unknown or untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.15.0.75 or earlier, system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Verify version is 10.16.0.61 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening DXF files
  • Unusual process spawning from Bentley View

Network Indicators:

  • Outbound connections from Bentley View to unusual destinations

SIEM Query:

Process:Name='Bentley View' AND (EventID=1000 OR ParentProcess:Name='Bentley View')
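As an added triage example (not part of this advisory), the following Python implements the two host indicators above over constructed sample events: an Application Error record (EventID 1000) faulting in Bentley View, and a process-creation record whose parent is Bentley View. The executable name `bentleyview.exe` and the field names are assumptions; adjust them to your installed binary and log schema.

```python
from typing import Iterable

# Assumed image name of the Bentley View binary; the advisory does not state it.
BENTLEY_IMAGE = "bentleyview.exe"

# Constructed sample events, shaped like Windows Application Error (EventID 1000)
# and Sysmon process-creation (EventID 1) records after field extraction.
SAMPLE_EVENTS = [
    {"EventID": 1000, "Host": "ws-07", "FaultingApp": "BentleyView.exe",
     "FaultingModule": "BentleyView.exe"},
    {"EventID": 1, "Host": "ws-07", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Bentley\BentleyView.exe"},
    {"EventID": 1, "Host": "ws-07", "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"EventID": 1000, "Host": "ws-12", "FaultingApp": "notepad.exe",
     "FaultingModule": "ntdll.dll"},
]


def _basename(path: str) -> str:
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_bentley_crash(ev: dict) -> bool:
    """Application Error (EventID 1000) whose faulting application is Bentley View."""
    return ev.get("EventID") == 1000 and _basename(ev.get("FaultingApp", "")) == BENTLEY_IMAGE


def is_bentley_child(ev: dict) -> bool:
    """Process creation (Sysmon EventID 1) with Bentley View as the parent process."""
    return ev.get("EventID") == 1 and _basename(ev.get("ParentImage", "")) == BENTLEY_IMAGE


def triage(events: Iterable[dict]) -> list[tuple[str, str]]:
    """Return (host, indicator) pairs for events matching either indicator."""
    hits = []
    for ev in events:
        if is_bentley_crash(ev):
            hits.append((ev["Host"], f"crash in {_basename(ev.get('FaultingModule', ''))}"))
        elif is_bentley_child(ev):
            hits.append((ev["Host"], f"child process {_basename(ev.get('Image', ''))}"))
    return hits


if __name__ == "__main__":
    for host, why in triage(SAMPLE_EVENTS):
        print(f"{host}: {why}")
```

Crashes on DXF files alone are a weak signal; correlate them with child-process spawns from the same host before escalating.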
