CVE-2021-34914: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A vulnerability was discovered in Bentley View 10.15.0.75 that allows remote attackers to execute arbitrary code. The vulnerability (CVE-2021-34914) was discovered by Mat Powell of Trend Micro Zero Day Initiative and disclosed on December 8, 2021. The vulnerability exists within the parsing of DGN files and requires user interaction, specifically opening a malicious file, to be exploited (Zero Day Initiative, Bentley Advisory).

The vulnerability is an out-of-bounds write vulnerability that occurs during DGN file parsing. When parsing DGN files, crafted data can trigger a write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (Zero Day Initiative).

A successful exploitation of this vulnerability allows attackers to execute arbitrary code in the context of the current process. This could potentially lead to complete system compromise at the level of the affected application's privileges (Zero Day Initiative).

Bentley has released version 10.16.02 to address this vulnerability. Users are recommended to update to this or a more recent version. As a general best practice, it is also recommended to only open DGN files from trusted sources (Bentley Advisory).