CVE-2021-34086 Information

Jun 07, 2022 cve

Description

In Ultimaker S3 3D printer Ultimaker S5 3D printer Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16 the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://ultimaker.com/3d-printers/ultimaker-3 https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf https://ultimaker.com/3d-printers/ultimaker-s3 https://ultimaker.com/3d-printers/ultimaker-s5

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8

Share on: