CVE-2021-46620: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-46620) affects Bentley MicroStation CONNECT version 10.16.0.80. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on January 31, 2022. It involves an out-of-bounds read vulnerability in the parsing of FBX files, which could potentially lead to sensitive information disclosure (Zero Day Initiative, Bentley Advisory).

The vulnerability stems from the lack of proper validation of user-supplied data during the parsing of FBX files, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating a low-severity local attack requiring user interaction (Zero Day Initiative).

If successfully exploited, this vulnerability could allow attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. The vulnerability can be leveraged in conjunction with other vulnerabilities to potentially execute arbitrary code in the context of the current process (Zero Day Initiative).

Bentley has issued an update to correct this vulnerability. Users should upgrade to version 10.16.02 or later of MicroStation and MicroStation-based applications. As a general best practice, it is recommended to only open FBX files from trusted sources (Bentley Advisory).