CVE-2021-46640 in View

Summary

by MITRE • 02/18/2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15512.

Analysis

by VulDB Data Team • 02/19/2022

This vulnerability is a critical buffer overflow in Bentley View 10.15.0.75 that enables remote code execution through a malicious DGN file. The issue stems from insufficient input validation during the parsing of DGN (Design Graphics Network) files, which are commonly used in engineering and construction software environments. It is classified under CWE-121 for buffer overflow conditions and manifests as a write past the end of an allocated buffer, which makes it particularly dangerous for systems that process untrusted graphical data.

Exploitation requires user interaction: the target must visit a malicious webpage or open a crafted DGN file, a typical social engineering attack vector that aligns with ATT&CK technique T1203 (Exploitation for Client Execution). When the vulnerable software processes the malformed DGN file, the buffer overflow occurs during memory allocation and data handling operations, allowing attackers to overwrite adjacent memory locations. This memory corruption enables arbitrary code execution within the context of the current process, potentially escalating privileges if the application runs with elevated permissions.

The operational impact of this vulnerability extends beyond simple remote code execution as it creates a persistent threat vector for attackers targeting engineering firms, construction companies, and organizations using Bentley View software. The vulnerability affects systems where DGN files are commonly processed, including design review environments, project collaboration platforms, and document management systems. Organizations may experience unauthorized access to sensitive engineering data, system compromise, and potential lateral movement within network environments.

Mitigation should start with applying the software updates from Bentley Systems that address the buffer overflow, together with strict file validation policies for DGN files received from external sources. Network segmentation and application whitelisting can help reduce the attack surface, and regular security assessments should monitor for similar vulnerabilities in legacy engineering software. The vulnerability demonstrates the importance of input validation in graphical processing libraries and highlights the need for comprehensive memory safety practices in CAD applications. Organizations should also consider deploying intrusion detection systems to monitor for suspicious file access patterns, and should maintain updated threat intelligence on similar vulnerabilities in engineering software ecosystems.

Reservation: 01/26/2022
Disclosure: 02/18/2022
Moderation: accepted
CPE: ready
EPSS: 0.01955
KEV: no
Activities: very low
