CVE-2021-46643
📋 TL;DR
This is a stack-based buffer overflow vulnerability in Bentley View's DGN file parser. Attackers can execute arbitrary code by tricking users into opening malicious DGN files or visiting malicious web pages. Affects users of Bentley View 10.15.0.75 who open untrusted DGN files.
💻 Affected Systems
- Bentley View
📦 What is this software?
View by Bentley
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's machine in the context of the current user.
Likely Case
Remote code execution leading to malware installation, data theft, or ransomware deployment.
If Mitigated
Limited impact if file execution is blocked or the user does not open malicious files.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). The vulnerability is well-documented and weaponization is likely given the RCE potential.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Bentley View version 10.16.02 or later
Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0009
Restart Required: Yes
Instructions:
1. Download the latest Bentley View installer from the official Bentley website.
2. Run the installer with administrative privileges.
3. Follow the installation prompts.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Block DGN file extensions
Windows: Prevent execution of DGN files via Group Policy or application control
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.dgn, Security Level: Disallowed
Disable DGN file association
Windows: Remove Bentley View as the default handler for DGN files
Control Panel > Default Programs > Set Associations > Find .dgn > Change program > Choose another program (e.g., Notepad)
🧯 If You Can't Patch
- Implement application whitelisting to block unauthorized executables
- Educate users to never open DGN files from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check Bentley View version: Open Bentley View > Help > About Bentley View. If version is 10.15.0.75, system is vulnerable.
Check Version:
Not applicable - check via GUI as described
Verify Fix Applied:
Verify version is 10.16.02 or later in Help > About Bentley View.
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Bentley View with stack overflow errors
- Unexpected child processes spawned from Bentley View
Network Indicators:
- Outbound connections from Bentley View to suspicious IPs
- Downloads of DGN files from untrusted sources
SIEM Query:
source="windows" AND (process_name="BentleyView.exe" AND (event_id=1000 OR event_id=1001)) OR (file_extension=".dgn" AND source_ip NOT IN trusted_networks)
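The SIEM query above, written out as an added Python example (not part of the original page or any vendor tooling) and run over constructed events. It assumes the query groups as source AND (crash OR untrusted DGN); the field names, the TRUSTED_NETWORKS ranges and the sample events are assumptions for illustration.

```python
import ipaddress

# Assumptions: field names mirror the page's query; ranges are illustrative.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
CRASH_EVENT_IDS = {1000, 1001}       # event IDs named in the page's query
PROCESS_NAME = "bentleyview.exe"     # process name from the page, lower-cased

def is_trusted(ip):
    """True only if ip parses and lies inside a trusted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False                 # missing or malformed address: fail closed
    return any(addr in net for net in TRUSTED_NETWORKS)

def match(event):
    """Return the indicator an event matches, or None."""
    if event.get("source") != "windows":
        return None
    proc = str(event.get("process_name", "")).lower()
    if proc == PROCESS_NAME and event.get("event_id") in CRASH_EVENT_IDS:
        return "viewer_crash"
    ext = str(event.get("file_extension", "")).lower()
    if ext == ".dgn" and not is_trusted(event.get("source_ip", "")):
        return "untrusted_dgn"
    return None

def scan(events):
    """Return (index, indicator) for every matching event."""
    hits = []
    for i, ev in enumerate(events):
        reason = match(ev)
        if reason:
            hits.append((i, reason))
    return hits

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"source": "windows", "process_name": "BentleyView.exe", "event_id": 1000},
    {"source": "windows", "process_name": "BentleyView.exe", "event_id": 4688},
    {"source": "windows", "file_extension": ".dgn", "source_ip": "203.0.113.7"},
    {"source": "windows", "file_extension": ".DGN", "source_ip": "10.1.2.3"},
    {"source": "linux", "file_extension": ".dgn", "source_ip": "198.51.100.9"},
    {"source": "windows", "file_extension": ".dgn"},
]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS):
        print(idx, reason)
```

A DGN event with no parseable source address is treated as untrusted, so gaps in telemetry surface as alerts rather than silent passes.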