CVE-2021-46649: 
Bentley MicroStation CONNECT vulnerability analysis and mitigation

CVE-2021-46649 is a vulnerability discovered in Bentley MicroStation CONNECT version 10.16 that allows remote attackers to disclose sensitive information. The vulnerability was disclosed on February 18, 2022, and affects the DGN file parsing functionality of the software (NVD, ZDI Advisory).

The vulnerability exists within the parsing of DGN files and results from the lack of proper validation of user-supplied data, which can lead to a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a low severity local attack vector requiring user interaction (ZDI Advisory).

When exploited, this vulnerability allows attackers to disclose sensitive information from affected installations. The vulnerability can potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Bentley has released version 10.16.02.* and more recent versions to address this vulnerability. As a general best practice, it is recommended to only open DGN files coming from trusted sources (Bentley Advisory).