CVE-2021-46605: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability (CVE-2021-46605) was discovered in Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability was identified in the BMP image parsing functionality and was reported through the Zero Day Initiative program. The issue was disclosed on January 31, 2022, and affects the core image processing components of the software (Zero Day Initiative, Bentley Advisory).

The vulnerability stems from improper validation of user-supplied data length prior to copying it to a heap-based buffer during BMP image parsing. This implementation flaw received a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability was tracked as ZDI-CAN-15399 (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high severity rating indicates potential complete compromise of the affected system's confidentiality, integrity, and availability (Zero Day Initiative).

Bentley has released version 10.16.02 and later versions to address this vulnerability. Users are recommended to update to the latest version of the software. Additionally, as a general best practice, users should only open BMP files from trusted sources (Bentley Advisory).