CVE-2021-46635: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

This vulnerability (CVE-2021-46635) affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability allows remote attackers to execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files, where crafted data can trigger a write past the end of an allocated buffer (Zero Day Initiative, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is classified as an Out-of-bounds Write (CWE-787) vulnerability. The issue specifically occurs during the parsing of DGN files, where maliciously crafted data can trigger a buffer overflow condition (Zero Day Initiative, Bentley Advisory).

An attacker can leverage this vulnerability to execute code in the context of the current process, potentially gaining control over the affected system. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as High in the CVSS scoring (Zero Day Initiative).

Bentley has issued an update to correct this vulnerability. Users should update to version 10.16.02.* or more recent versions of MicroStation and MicroStation-based applications. As a general best practice, it is recommended to only open DGN files coming from trusted sources (Bentley Advisory).