Vulnerability Description
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ultimaker | Ultimaker S3 Firmware | <= 6.3 |
| Ultimaker | Ultimaker S3 | - |
| Ultimaker | Ultimaker S5 Firmware | <= 6.3 |
| Ultimaker | Ultimaker S5 | - |
| Ultimaker | Ultimaker 3 Firmware | <= 5.2.16 |
| Ultimaker | Ultimaker 3 | - |
Related Weaknesses (CWE)
References
- https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf (Technical Description, Third Party Advisory)
- https://ultimaker.com/3d-printers/ultimaker-s3 (Product, Vendor Advisory)
- https://ultimaker.com/3d-printers/ultimaker-s5 (Product, Vendor Advisory)
FAQ
What is CVE-2021-34087?
CVE-2021-34087 is a vulnerability with a CVSS score of 7.1 (HIGH). In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the setti...
How severe is CVE-2021-34087?
CVE-2021-34087 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-34087?
Check the references section above for vendor advisories and patch information. Affected products include: Ultimaker Ultimaker S3 Firmware, Ultimaker Ultimaker S3, Ultimaker Ultimaker S5 Firmware, Ultimaker Ultimaker S5, Ultimaker Ultimaker 3 Firmware.