← Back

CVE-2021-34087

nvd nist
Published: Jan 10, 2022Modified: Jun 17, 2026

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Exploitability: 2.8 / Impact: 3.7
Source: NVD

Description

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.

Affected (3)

Ultimaker
3 products
Ultimaker S3 Firmware
Ultimaker S5 Firmware
Ultimaker 3 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ultimaker S3 Firmware
Up to 6.3
Running on/withPlatform Versions
Ultimaker
Ultimaker S3
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ultimaker S5 Firmware
Up to 6.3
Running on/withPlatform Versions
Ultimaker
Ultimaker S5
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ultimaker 3 Firmware
Up to 5.2.16
Running on/withPlatform Versions
Ultimaker
Ultimaker 3
All versions

Related CWEs

CWE-1021
Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

References (6)

Source: cve@mitre.org
Technical DescriptionThird Party Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory

Timeline

No history available yet.