Vulnerability Details CVE-2021-34086
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf
- https://ultimaker.com/3d-printers/ultimaker-3
- https://ultimaker.com/3d-printers/ultimaker-s3
- https://ultimaker.com/3d-printers/ultimaker-s5
- https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf
- https://ultimaker.com/3d-printers/ultimaker-3
- https://ultimaker.com/3d-printers/ultimaker-s3
- https://ultimaker.com/3d-printers/ultimaker-s5
Products affected by CVE-2021-34086
-
cpe:2.3:h:ultimaker:ultimaker_3:-
-
cpe:2.3:h:ultimaker:ultimaker_s3:-
-
cpe:2.3:h:ultimaker:ultimaker_s5:-
-
cpe:2.3:o:ultimaker:ultimaker_3_firmware:5.2.16
-
cpe:2.3:o:ultimaker:ultimaker_s3_firmware:6.3
-
cpe:2.3:o:ultimaker:ultimaker_s5_firmware:6.3