CVE-2021-46647

7.8 HIGH

📋 TL;DR

CVE-2021-46647 is a heap-based buffer overflow in the BMP image parser of Bentley MicroStation CONNECT 10.16.0.80. An attacker who convinces a user to open a crafted BMP file or to visit a malicious web page can execute arbitrary code in the context of the current user.

💻 Affected Systems

Products:
  • Bentley MicroStation CONNECT
Versions: 10.16.0.80
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required (opening malicious file or visiting malicious page).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution in the context of the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malicious actors deliver weaponized BMP files via phishing or compromised websites, leading to initial access and subsequent payload execution.

🟢 If Mitigated

With proper security controls, exploitation attempts are blocked by endpoint protection, and user awareness prevents opening suspicious files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is straightforward once malicious content is delivered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 10.16.1 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0002

Restart Required: Yes

Instructions:

1. Download the latest MicroStation CONNECT update from Bentley's official website.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Block BMP file extensions

Platform: Windows

Prevent MicroStation from processing BMP files via Group Policy or application control, for example by using Windows Group Policy to block .bmp file associations for MicroStation. This only covers files opened through the file association; the TL;DR also names malicious web pages as a delivery path, so treat it as a partial measure.

User awareness training

Platform: All

Educate users to avoid opening BMP files from untrusted sources.

🧯 If You Can't Patch

  • Restrict MicroStation to trusted users only and monitor for suspicious activity.
  • Implement application whitelisting to prevent execution of unauthorized processes.

🔍 How to Verify

Check if Vulnerable:

Check MicroStation version via Help > About. If version is 10.16.0.80, it is vulnerable.

Check Version:

In MicroStation, navigate to Help > About to view version.

Verify Fix Applied:

Verify version is 10.16.1 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Unusual child processes spawned by MicroStation (e.g., cmd.exe, powershell.exe)
  • Application errors or crashes while loading BMP files, which may indicate a failed exploitation attempt

Network Indicators:

  • Outbound connections from the MicroStation process to unknown IPs shortly after a BMP file is opened

SIEM Query:

Process Creation where ParentImage contains 'MicroStation' AND (Image contains 'cmd.exe' OR Image contains 'powershell.exe')
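The SIEM rule above expressed as runnable detection logic, added here as an example (not code from this page or from Bentley): it parses constructed Sysmon-style process-creation records and flags a cmd.exe or powershell.exe child whose parent image is MicroStation. The record format, the installation paths and the SAMPLE_EVENTS data are assumptions.

```python
from typing import Dict, Iterable, List

# Constructed Sysmon-style process-creation records (EventID=1), not real telemetry.
# Fields are "Key=Value" pairs separated by " | ".
SAMPLE_EVENTS = [
    r"EventID=1 | Image=C:\Windows\System32\cmd.exe | ParentImage=C:\Program Files\Bentley\MicroStation CONNECT Edition\MicroStation\MicroStation.exe | CommandLine=cmd.exe /c whoami",
    r"EventID=1 | Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | ParentImage=C:\Program Files\Bentley\MicroStation CONNECT Edition\MicroStation\microstation.exe | CommandLine=powershell.exe -File C:\Users\alice\AppData\Local\Temp\update.ps1",
    r"EventID=1 | Image=C:\Windows\System32\cmd.exe | ParentImage=C:\Windows\explorer.exe | CommandLine=cmd.exe",
    r"EventID=1 | Image=C:\Program Files\Bentley\MicroStation CONNECT Edition\MicroStation\MicroStation.exe | ParentImage=C:\Windows\explorer.exe | CommandLine=MicroStation.exe drawing.dgn",
    r"EventID=3 | Image=C:\Program Files\Bentley\MicroStation CONNECT Edition\MicroStation\MicroStation.exe | DestinationIp=203.0.113.5",
]

# Child images named in the page's SIEM query; extend the set to fit your environment.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'Key=Value | Key=Value' record into a dict (split at the first '=')."""
    fields: Dict[str, str] = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so matching is case-insensitive."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_shell_spawned_by_microstation(event: Dict[str, str]) -> bool:
    """True for a process-creation event whose parent executable is MicroStation and
    whose child is one of SUSPICIOUS_CHILDREN. A hit is a triage lead, not proof of
    exploitation: legitimate automation can also start a shell from the application."""
    if event.get("EventID") != "1":
        return False
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    return "microstation" in parent and child in SUSPICIOUS_CHILDREN


def find_suspicious(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the parsed events that match the parent/child rule."""
    return [e for e in (parse_event(line) for line in lines) if is_shell_spawned_by_microstation(e)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"{basename(hit['ParentImage'])} -> {basename(hit['Image'])}: {hit['CommandLine']}")
```

Run against the sample data it reports the two shell children of MicroStation and ignores the explorer.exe-spawned shell and the network event.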
