CVE-2021-46593: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability affects Bentley MicroStation CONNECT 10.16.0.80 and allows remote attackers to disclose sensitive information. The vulnerability requires user interaction, specifically that the target must visit a malicious page or open a malicious file. The issue was discovered in the parsing of DWG files and was assigned CVE-2021-46593. The vulnerability was reported on October 1, 2021, and publicly disclosed on January 31, 2022 (ZDI Advisory, Bentley Advisory).

The vulnerability stems from the lack of proper validation of user-supplied data when parsing DWG files, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The flaw was tracked internally by Zero Day Initiative as ZDI-CAN-15387 (ZDI Advisory).

The vulnerability allows attackers to disclose sensitive information. When combined with other vulnerabilities, this could potentially be leveraged to execute arbitrary code in the context of the current process (ZDI Advisory).

Bentley has released version 10.16.02.* and more recent versions to address this vulnerability. As a general best practice, it is recommended to only open DWG files from trusted sources (Bentley Advisory).