Vulnerabilities > CVE-2021-34087 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Ultimaker products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 | |
Hardware | 3 |
Common Weakness Enumeration (CWE)
References
- https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf
- https://kth.diva-portal.org/smash/get/diva2:1623489/FULLTEXT01.pdf
- https://ultimaker.com/3d-printers/ultimaker-s3
- https://ultimaker.com/3d-printers/ultimaker-s3
- https://ultimaker.com/3d-printers/ultimaker-s5
- https://ultimaker.com/3d-printers/ultimaker-s5