CVE-2024-8374

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 3, 2024
CWE ID 94

Summary

CVE-2024-8374 affects UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2, which are vulnerable to code injection through the improper handling of the drop_to_buildplate property in 3MF files. This vulnerability allows attackers to execute arbitrary code by manipulating the content of a 3MF file, as the value is passed to the Python eval() function without adequate sanitization. Given that 3MF files are frequently shared on 3D model databases, this presents a significant risk for organizations using these versions of Cura, potentially leading to high impacts on confidentiality, integrity, and availability of their systems. To remediate this issue, it is advised that users upgrade to a patched version of Cura that addresses this vulnerability. The exploitability score is rated at 1.8 with a base severity classification of high (base score of 7.8).
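The check below is an added example, not code from UltiMaker or from this page: it parses the drop_to_buildplate value as a strict boolean instead of passing it to eval(), and audits a 3MF archive for values that are not plain booleans before the file is opened in an affected Cura version. The function names, the "3D/3dmodel.model" part path, and the metadata element layout are assumptions made for the illustration, and the sample files are constructed inline.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# The only values a boolean flag should ever carry.
ALLOWED = {"true": True, "false": False}

def parse_drop_to_buildplate(raw):
    """Strict boolean parse: the value is looked up, never evaluated as code."""
    key = (raw or "").strip().lower()
    if key not in ALLOWED:
        raise ValueError(f"non-boolean drop_to_buildplate value: {raw!r}")
    return ALLOWED[key]

def audit_3mf(data, model_path="3D/3dmodel.model"):
    """Return every drop_to_buildplate value in the archive that is not a plain boolean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        # ElementTree does not limit entity expansion; use a hardened XML
        # parser when auditing untrusted files at scale.
        root = ET.fromstring(archive.read(model_path))
    for elem in root.iter():
        # Assumed layout: <metadata name="cura:drop_to_buildplate">True</metadata>
        is_metadata = elem.tag.endswith("metadata")
        if is_metadata and elem.get("name", "").endswith("drop_to_buildplate"):
            try:
                parse_drop_to_buildplate(elem.text)
            except ValueError:
                findings.append(elem.text)
    return findings

def build_sample(value):
    """Constructed 3MF-like archive holding a single drop_to_buildplate value."""
    model = (
        '<model xmlns="http://schemas.microsoft.com/3dmanufacturing/core/2015/02">'
        '<resources><object id="1" type="model"><metadatagroup>'
        f'<metadata name="cura:drop_to_buildplate">{value}</metadata>'
        '</metadatagroup></object></resources></model>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("3D/3dmodel.model", model)
    return buf.getvalue()

if __name__ == "__main__":
    for sample in ("True", "1+1"):  # "1+1" is a harmless non-boolean stand-in
        print(sample, "->", audit_3mf(build_sample(sample)) or "ok")
```

A non-empty result from audit_3mf means the file carries something other than True or False in that property and should be quarantined rather than opened.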
