CVE-2021-46624: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-46624) affects Bentley View version 10.15.0.75. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was disclosed on January 31, 2022. It involves an out-of-bounds read vulnerability in the DWG file parsing functionality (Zero Day Initiative, Bentley Advisory).

The vulnerability stems from the lack of proper validation of user-supplied data when parsing DWG files, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (Zero Day Initiative).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to potentially execute arbitrary code in the context of the current process (Zero Day Initiative).

Bentley has released version 10.16.02 and more recent versions to address this vulnerability. The vendor recommends updating to the latest versions of MicroStation and MicroStation-based applications. As a general best practice, it is also recommended to only open DWG files coming from trusted sources (Bentley Advisory).