PT-2022-10320 · Ultimaker · Ultimaker S5+1
Published
2022-01-10
·
Updated
2022-01-14
·
CVE-2021-34086
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ultimaker S3 3D printer versions through 6.3
Ultimaker S5 3D printer versions through 6.3
Ultimaker 3 3D printer S-line versions through 6.3
Ultimaker 3 versions through 5.2.16
Description
The local webserver in the affected 3D printers hosts APIs that are vulnerable to CSRF attacks because they do not verify incoming requests.
Recommendations
For Ultimaker S3 3D printer versions through 6.3, update to a version that includes a fix for this issue.
For Ultimaker S5 3D printer versions through 6.3, update to a version that includes a fix for this issue.
For Ultimaker 3 3D printer S-line versions through 6.3, update to a version that includes a fix for this issue.
For Ultimaker 3 versions through 5.2.16, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the vulnerable APIs until a patch is available.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ultimaker S3
Ultimaker S5