CVE-2021-46631

7.8 HIGH

📋 TL;DR

CVE-2021-46631 is a memory initialization vulnerability in Bentley View's TIF image parser that allows remote code execution when users open malicious TIF files or visit malicious web pages. This affects Bentley View 10.15.0.75 users who process untrusted TIF images. Attackers can execute arbitrary code with the privileges of the current user.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the TIF image parsing component. All installations of the affected version are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement within networks.

🟠 Likely Case

Malware installation or data exfiltration when users open malicious TIF files from untrusted sources.

🟢 If Mitigated

Limited impact if proper application hardening, least privilege, and network segmentation are implemented.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but web-based delivery is possible.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal resources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability is in memory initialization during TIF parsing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version after 10.15.0.75

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0015

Restart Required: Yes

Instructions:

1. Download the latest Bentley View version from Bentley's official website.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable TIF file association

Platform: Windows

Remove Bentley View as default handler for .tif files to prevent automatic exploitation

Control Panel > Default Programs > Set Default Programs > Select Bentley View > Choose defaults for this program > Uncheck .tif/.tiff

Application control policy

Platform: Windows

Block execution of Bentley View from untrusted locations using AppLocker or similar

🧯 If You Can't Patch

  • Implement strict email filtering to block TIF attachments from untrusted sources
  • Run Bentley View with least privilege (non-admin account) to limit potential damage

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.15.0.75, system is vulnerable.

Check Version:

In Bentley View: Help > About

Verify Fix Applied:

Verify version is updated beyond 10.15.0.75 in Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of Bentley View
  • Creation of suspicious child processes from Bentley View

Network Indicators:

  • Outbound connections from Bentley View to suspicious IPs
  • Downloads of TIF files from untrusted sources

SIEM Query:

Process Creation where Image contains 'BentleyView.exe' and (CommandLine contains '.tif' or CommandLine contains '.tiff')
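
The log indicators and SIEM query above, as an added Python example (not part of the original advisory or any Bentley tooling): it reads the query as viewer AND (.tif OR .tiff) and flags suspicious child processes of the viewer, rating them higher when that viewer instance was started on a TIF file. Field names follow Sysmon process-creation records; the child-process list, install path and sample events are assumptions constructed for illustration.

```python
import re

VIEWER = "bentleyview.exe"  # executable name as written in the page's SIEM query
TIF_ARG = re.compile(r'\.tiff?(?=["\s]|$)', re.IGNORECASE)  # .tif/.tiff ending an argument
# Assumption: programs an image viewer has no routine reason to start.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe", "rundll32.exe"}

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def opens_tif(event):
    """The page's SIEM query, grouped as: viewer AND (.tif OR .tiff)."""
    return (exe_name(event.get("Image", "")) == VIEWER
            and bool(TIF_ARG.search(event.get("CommandLine", ""))))

def triage(events):
    """Return (severity, child) for suspicious processes started by the viewer."""
    tif_pids = set()  # viewer process IDs that were launched on a TIF file
    alerts = []
    for ev in events:
        if opens_tif(ev):
            tif_pids.add(ev["ProcessId"])
        child = exe_name(ev.get("Image", ""))
        if exe_name(ev.get("ParentImage", "")) == VIEWER and child in SUSPICIOUS_CHILDREN:
            severity = "high" if ev.get("ParentProcessId") in tif_pids else "medium"
            alerts.append((severity, child))
    return alerts

def make_event(pid, ppid, parent, image, cmd):
    return {"ProcessId": pid, "ParentProcessId": ppid, "ParentImage": parent,
            "Image": image, "CommandLine": cmd}

# Constructed sample data: every path, PID and command line below is made up.
BV = r"C:\Program Files\Bentley\BentleyView.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    make_event(4120, 900, EXPLORER, BV, '"' + BV + r'" "C:\Users\a\Downloads\plan.tif"'),
    make_event(4388, 4120, BV, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    make_event(5200, 900, EXPLORER, BV, '"' + BV + r'" "C:\Projects\bridge.dgn"'),
    make_event(5316, 5200, BV, r"C:\Windows\System32\powershell.exe", "powershell.exe"),
    make_event(5400, 4120, BV, r"C:\Windows\splwow64.exe", "splwow64.exe 8192"),
    make_event(6000, 900, EXPLORER, r"C:\Windows\notepad.exe", r"notepad.exe C:\tmp\notes.tif"),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Events must be fed in time order so that a viewer's own start record is seen before its children.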
