CVE-2021-46638

7.8 HIGH

📋 TL;DR

This is a stack-based buffer overflow vulnerability in Bentley MicroStation CONNECT that allows remote code execution. Attackers can exploit it by tricking users into opening malicious DGN files, potentially taking full control of the affected system. Users of Bentley MicroStation CONNECT version 10.16.0.80 are affected.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.0.80
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable by default when processing DGN files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the workstation, enabling data theft, lateral movement, and persistent access.

🟠 Likely Case

Local privilege escalation leading to installation of malware, ransomware, or backdoors on the affected system.

🟢 If Mitigated

Limited impact with proper application sandboxing and file validation, potentially only causing application crashes.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via email or web downloads.
🏢 Internal Only: HIGH - Internal users frequently share DGN files, making social engineering attacks more effective within organizations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction but the vulnerability is well-documented and part of ZDI's disclosure program.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.16.0.80 Update 1 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0009

Restart Required: Yes

Instructions:

1. Download the latest update from Bentley's official website or update service.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict DGN file handling (Windows)

Configure the system to open DGN files only with trusted applications or in sandboxed environments.

Use Windows Group Policy to restrict file associations for .dgn files.

User awareness training (all platforms)

Educate users to only open DGN files from trusted sources and verify file integrity.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use endpoint detection and response (EDR) solutions to monitor for suspicious file parsing behavior

🔍 How to Verify

Check if Vulnerable:

Check MicroStation version via Help > About menu or verify installed version in Windows Programs and Features.

Check Version:

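In MicroStation: Help > About. On Windows, from a command prompt (matching on part of the product name, since the installed name is longer than "MicroStation"):

wmic product where "name like '%MicroStation%'" get name,version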

Verify Fix Applied:

Verify version is 10.16.0.80 Update 1 or later and test with known safe DGN files to ensure proper parsing.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening DGN files
  • Unusual process spawning from MicroStation.exe

Network Indicators:

  • Downloads of DGN files from untrusted sources
  • Outbound connections from MicroStation to suspicious IPs

SIEM Query:

Process Creation where Image contains "MicroStation" and ParentImage contains "explorer.exe" and CommandLine contains ".dgn"
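
The "unusual process spawning from MicroStation.exe" indicator, tied back to the DGN file the session was launched with, as an added example (not code from this page or from Bentley). It assumes Sysmon Event ID 1 style fields (UtcTime, ProcessId, ParentProcessId, Image, ParentImage, CommandLine); the allow-list, install path and sample events are constructed placeholders.

```python
import ntpath
import re

# Assumption: processes MicroStation legitimately starts in your environment.
# Build this allow-list from your own baseline; it is not a vendor list.
EXPECTED_CHILDREN = {"microstation.exe"}
DGN_ARG = re.compile(r'"([^"]+\.dgn)"|(\S+\.dgn)\b', re.IGNORECASE)

def _base(path):
    return ntpath.basename(path or "").lower()

def dgn_from_cmdline(cmdline):
    """Return the first .dgn path on a command line, quoted or not."""
    m = DGN_ARG.search(cmdline or "")
    return (m.group(1) or m.group(2)) if m else None

def flag_microstation_children(events):
    """Alert on unexpected processes whose parent is MicroStation.exe."""
    open_dgn, alerts = {}, []  # open_dgn: MicroStation PID -> DGN on its command line
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if _base(ev["Image"]) == "microstation.exe":
            open_dgn[ev["ProcessId"]] = dgn_from_cmdline(ev["CommandLine"])
        if (_base(ev["ParentImage"]) == "microstation.exe"
                and _base(ev["Image"]) not in EXPECTED_CHILDREN):
            alerts.append({"time": ev["UtcTime"], "child": ev["Image"],
                           "cmdline": ev["CommandLine"],
                           "dgn": open_dgn.get(ev["ParentProcessId"])})
    return alerts

def _ev(t, pid, ppid, image, parent, cmd):
    return {"UtcTime": t, "ProcessId": pid, "ParentProcessId": ppid,
            "Image": image, "ParentImage": parent, "CommandLine": cmd}

# Constructed sample events (not real telemetry); paths are placeholders.
MS = r"C:\Apps\MicroStation.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    _ev("2022-03-01 10:15:02.120", 4120, 900, MS, EXPLORER,
        rf'"{MS}" "C:\Users\alice\Downloads\site plan.dgn"'),
    _ev("2022-03-01 10:15:09.480", 5544, 4120,
        r"C:\Windows\System32\cmd.exe", MS, "cmd.exe /c whoami"),
    _ev("2022-03-01 10:16:00.000", 6100, 900,
        r"C:\Windows\System32\notepad.exe", EXPLORER, "notepad.exe"),
    _ev("2022-03-01 10:17:30.000", 6200, 4120, MS, MS, f'"{MS}"'),
]

if __name__ == "__main__":
    for alert in flag_microstation_children(SAMPLE_EVENTS):
        print(alert)
```

Each alert carries the DGN path from the parent session, which gives responders the file to quarantine and trace back to its source.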
