CVE-2021-34086
 
Severity Score: 8.8 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.
Credits: N/A
Timeline
- 2021-06-07 CVE Reserved
- 2022-01-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (4)
URL | Tag | Date |
---|---|---|
https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf | Technical Description | |
https://ultimaker.com/3d-printers/ultimaker-3 | | 2022-01-14 |
https://ultimaker.com/3d-printers/ultimaker-s3 | | 2022-01-14 |
https://ultimaker.com/3d-printers/ultimaker-s5 | | 2022-01-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Ultimaker | Ultimaker S3 Firmware | <= 6.3 | - | Affected |
in Ultimaker | Ultimaker S3 | - | - | Safe |
Ultimaker | Ultimaker S5 Firmware | <= 6.3 | - | Affected |
in Ultimaker | Ultimaker S5 | - | - | Safe |
Ultimaker | Ultimaker 3 Firmware | <= 5.2.16 | - | Affected |
in Ultimaker | Ultimaker 3 | - | - | Safe |