Login Sign Up

CVE-2021-46640

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This is a buffer overflow vulnerability in Bentley View's DGN file parser that allows remote code execution. Attackers can exploit it by tricking users into opening malicious DGN files or visiting malicious web pages. Users of affected Bentley View versions are at risk.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required - victim must open malicious DGN file or visit malicious page.

📦 What is this software?

Microstation by Bentley

View all CVEs affecting Microstation →

View by Bentley

View all CVEs affecting View →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the victim's machine and potentially pivoting to other systems.

🟠

Likely Case

Attacker executes arbitrary code in the context of the current user, potentially stealing data, installing malware, or establishing persistence.

🟢

If Mitigated

Limited impact if file execution is blocked or application runs with minimal privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once malicious file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Bentley View version 10.16.02.03 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0009

Restart Required: Yes

Instructions:

1. Download latest Bentley View installer from official Bentley website. 2. Run installer with administrative privileges. 3. Follow installation prompts. 4. Restart system after installation completes.

🔧 Temporary Workarounds

Block DGN file execution

windows

Prevent Bentley View from opening DGN files via group policy or application restrictions

Use Windows Group Policy to block .dgn file associations with Bentley View

Run with reduced privileges

windows

Configure Bentley View to run with limited user privileges instead of administrative rights

Set application compatibility settings to 'Run as invoker'

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized files
  • Deploy network segmentation to isolate systems running vulnerable software

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.15.0.75 or earlier, system is vulnerable.

Check Version:

wmic product where name="Bentley View" get version

Verify Fix Applied:

Verify Bentley View version is 10.16.02.03 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Bentley View executable
  • Multiple failed DGN file parsing attempts
  • Crash logs from Bentley View with memory access violations

Network Indicators:

  • Downloads of DGN files from untrusted sources
  • Network connections initiated by Bentley View to suspicious IPs

SIEM Query:

source="windows" AND process_name="BentleyView.exe" AND (event_id=1 OR event_id=1000 OR event_id=1001)

📊 Metadata

CVE ID: CVE-2021-46640
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: February 18, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46640, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)