CVE-2021-46652

7.8 HIGH

📋 TL;DR

CVE-2021-46652 is a buffer overflow vulnerability in Bentley View's DGN file parser that allows remote code execution. Attackers can exploit it by tricking users into opening malicious DGN files, potentially compromising systems running vulnerable versions. This affects Bentley View users who process untrusted DGN files.

💻 Affected Systems

Products:
  • Bentley View
Versions: 10.15.0.75 and earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected when processing DGN files. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the affected system, data theft, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to data exfiltration, installation of persistent malware, or use as an initial access vector for targeted attacks.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash without code execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via email attachments or compromised websites.
🏢 Internal Only: HIGH - Internal users frequently exchange DGN files, making social engineering attacks more effective within organizations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file. The vulnerability is well-documented and was disclosed through ZDI, increasing likelihood of weaponization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Bentley View 10.16.0.80 or later

Vendor Advisory: https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0009

Restart Required: Yes

Instructions:

1. Download latest Bentley View from official Bentley website.
2. Run installer with administrative privileges.
3. Complete installation wizard.
4. Restart system to ensure all components are updated.

🔧 Temporary Workarounds

Disable DGN file association

Prevent Bentley View from automatically opening DGN files by changing file associations

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .dgn to open with Notepad or another safe application

Application sandboxing

Run Bentley View in restricted environment to limit potential damage

Windows Sandbox or similar virtualization/sandboxing tools

🧯 If You Can't Patch

  • Implement strict email filtering to block DGN attachments from untrusted sources
  • Apply principle of least privilege: run Bentley View with limited user accounts, not administrative privileges

🔍 How to Verify

Check if Vulnerable:

Check Bentley View version in Help > About. If version is 10.15.0.75 or earlier, system is vulnerable.

Check Version:

Windows: Check Help > About in Bentley View GUI. Linux: Check application version in about dialog.

Verify Fix Applied:

Verify version is 10.16.0.80 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected child processes spawned from Bentley View
  • Unusual file access patterns from Bentley View process

Network Indicators:

  • Outbound connections from Bentley View to unknown IPs
  • DNS requests for suspicious domains following DGN file processing

SIEM Query:

Process Creation where Parent Process Name contains 'BentleyView' AND (Command Line contains '.dgn' OR Image contains suspicious patterns)
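
The SIEM query above, expressed as runnable detection logic over process-creation events. This is an added example, not part of the original advisory or any vendor tooling; the Sysmon-style field names, the sample events and the list of child images treated as "suspicious patterns" are assumptions to tune for your environment.

```python
import ntpath

# From the page's query: parent process name contains 'BentleyView'.
PARENT_MARKER = "bentleyview"
# Assumption: child images standing in for the query's "suspicious patterns".
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def match_event(event):
    """Return the reasons an event matches the query, or [] if it does not."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if PARENT_MARKER not in parent:
        return []
    reasons = []
    child = ntpath.basename(event.get("Image", "")).lower()
    if child in SUSPICIOUS_CHILDREN:
        reasons.append(f"suspicious child image: {child}")
    if ".dgn" in event.get("CommandLine", "").lower():
        reasons.append("command line references a .dgn file")
    return reasons

def scan(events):
    """Yield (event, reasons) for every process-creation event that matches."""
    for event in events:
        reasons = match_event(event)
        if reasons:
            yield event, reasons

# Constructed sample events (Sysmon Event ID 1 field names; paths and values are made up).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Bentley\BentleyView.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir"},
    {"ParentImage": r"C:\Windows\explorer.exe",  # normal launch by the user: no match
     "Image": r"C:\Program Files\Bentley\BentleyView.exe",
     "CommandLine": r'"BentleyView.exe" "C:\Users\a\Downloads\site.dgn"'},
    {"ParentImage": r"C:\Program Files\Bentley\BentleyView.exe",
     "Image": r"C:\Windows\System32\splwow64.exe",  # print helper: no match
     "CommandLine": r"splwow64.exe 8192"},
]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_EVENTS):
        print(event["Image"], "<-", event["ParentImage"], "|", "; ".join(reasons))
```

Matching on the parent's base name rather than the full path keeps the rule working when the application is installed outside the default location.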
