Vulnerabilities > CVE-2021-34087 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Ultimaker products

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

ultimaker

CWE-1021

NVD

Published: 2022-01-10

Updated: 2022-01-14

Summary

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.

Vulnerable Configurations

Part	Description	Count
OS	Ultimaker Ultimaker Ultimaker S3 Firmware 6.3 Ultimaker Ultimaker S5 Firmware 6.3 Ultimaker Ultimaker 3 Firmware 5.2.16	3
Hardware	Ultimaker Ultimaker Ultimaker S3 - Ultimaker Ultimaker S5 - Ultimaker Ultimaker 3 -	3

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf
https://ultimaker.com/3d-printers/ultimaker-s3
https://ultimaker.com/3d-printers/ultimaker-s5