CVE-2021-46630: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

The vulnerability (CVE-2021-46630) affects Bentley View version 10.15.0.75 and involves an out-of-bounds read vulnerability in FBX file parsing. The issue was discovered by Mat Powell of Trend Micro Zero Day Initiative (identified as ZDI-CAN-15460) and was disclosed on January 31, 2022 (Zero Day Initiative, Bentley Advisory).

The vulnerability stems from improper validation of user-supplied data during FBX file parsing, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 3.3 LOW (Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) (Zero Day Initiative).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (Zero Day Initiative).

Bentley has issued an update to correct this vulnerability. Users should upgrade to version 10.16.02 or later. As a general best practice, it is recommended to only open FBX files from trusted sources (Bentley Advisory).