CVE-2024-8374
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-8374 affects UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2, which are vulnerable to code injection through the improper handling of the drop_to_buildplate property in 3MF files. This vulnerability allows attackers to execute arbitrary code by manipulating the content of a 3MF file, as the value is passed to the Python eval() function without adequate sanitization. Given that 3MF files are frequently shared on 3D model databases, this presents a significant risk for organizations using these versions of Cura, potentially leading to high impacts on confidentiality, integrity, and availability of their systems. To remediate this issue, it is advised that users upgrade to a patched version of Cura that addresses this vulnerability. The exploitability score is rated at 1.8 with a base severity classification of high (base score of 7.8).
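The summary above comes down to one rule: the drop_to_buildplate value from a 3MF file must be read as data, never evaluated. The following is an added example, not Cura's code or its patch. It parses the property by strict lookup and scans a 3MF archive for values that are not plain booleans. The function names, the 3D/3dmodel.model member path, and the cura:drop_to_buildplate metadata name are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

BOOLEANS = {"true": True, "false": False}

def parse_drop_to_buildplate(raw):
    """Map the property text to a bool by table lookup; never eval() it."""
    key = (raw or "").strip().lower()
    if key not in BOOLEANS:
        raise ValueError(f"non-boolean drop_to_buildplate value: {raw!r}")
    return BOOLEANS[key]

def scan_3mf(data):
    """Return (archive member, value) pairs whose value is not a plain boolean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.namelist():
            if not member.lower().endswith(".model"):
                continue
            # Stdlib parser keeps the example offline; defusedxml is a common
            # choice for untrusted XML in production.
            root = ET.fromstring(archive.read(member))
            for element in root.iter():
                if element.tag.rsplit("}", 1)[-1] != "metadata":
                    continue
                if not element.get("name", "").endswith("drop_to_buildplate"):
                    continue
                try:
                    parse_drop_to_buildplate(element.text)
                except ValueError:
                    findings.append((member, element.text or ""))
    return findings

def make_sample(value):
    """Build a constructed, minimal 3MF-like archive in memory (assumed layout)."""
    model = ('<model xmlns="http://schemas.microsoft.com/3dmanufacturing/core/2015/02">'
             '<resources><object id="1"><metadatagroup>'
             f'<metadata name="cura:drop_to_buildplate">{value}</metadata>'
             '</metadatagroup></object></resources></model>')
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("3D/3dmodel.model", model)
    return buffer.getvalue()

if __name__ == "__main__":
    print(scan_3mf(make_sample("True")))    # well-formed value
    print(scan_3mf(make_sample("1 + 1")))   # harmless expression, must be flagged
```

A scan like this can gate 3MF files downloaded from model databases before they are opened in an affected Cura version; it does not replace upgrading.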