Ultimaker 3 - Nginx Remote Integer Overflow Vulnerability


burhop

Posted · Ultimaker 3 - Nginx Remote Integer Overflow Vulnerability

Hi all. I just got a new Ultimaker 3. Today, our network security folks said their tests show that it suffers from "Nginx Remote Integer Overflow Vulnerability".

To fix it, they say to install NginX 1.13.3; 1.12.1 or later version. I don't know if this is even possible given it is a 3D printer and not really a web server.

    • 3 weeks later...
    Posted · Ultimaker 3 - Nginx Remote Integer Overflow Vulnerability

    I'm told changing to a non-scanned port may work.

    Is there a way to change the default port for the http server running on the Ultimaker 3?

    Posted (edited) · Ultimaker 3 - Nginx Remote Integer Overflow Vulnerability

    I have not tested this, but upgrading NginX could be "as simple as" enabling developer mode, logging in to the printer as root/ultimaker over ssh, and running "apt update && apt upgrade nginx" (or nginx-light).

    Edited by ahoeben
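
A way to check an nginx banner against the fixed releases quoted in this thread, as an added example that is not part of the original posts. The function names are hypothetical, the sample banners are constructed, and "1.13.3; 1.12.1 or later" is read as 1.12.1 on the 1.12 branch and 1.13.3 on the 1.13 branch.

```shell
#!/bin/sh
# Added example (not from the thread): classify an nginx version banner
# against the fixed releases the scanner report names (1.12.1 / 1.13.3).

# Extract "X.Y.Z" from a banner such as "nginx version: nginx/1.10.3"
# (the format printed by `nginx -v`) or an HTTP "Server: nginx/1.13.2" header.
# Prints nothing when no nginx version is present.
nginx_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|.*nginx/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Prints "ok X.Y.Z", "update X.Y.Z" or "unknown".
# Returns 0 for ok, 1 for update, 2 when the banner cannot be parsed.
check_nginx_banner() {
    ver=$(nginx_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
        return 2
    fi
    major=${ver%%.*}          # text before the first dot
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -gt 13 ]; }; then
        echo "ok $ver"; return 0          # newer branch than those in the report
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 13 ] && [ "$patch" -ge 3 ]; then
        echo "ok $ver"; return 0          # 1.13 branch at or past 1.13.3
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 12 ] && [ "$patch" -ge 1 ]; then
        echo "ok $ver"; return 0          # 1.12 branch at or past 1.12.1
    fi
    echo "update $ver"                    # older branch, or below the fix
    return 1
}

# On the device (nginx -v writes its banner to stderr):
#   check_nginx_banner "$(nginx -v 2>&1)"
```

A banner-only check like this, or a scanner that reads the same banner, cannot see distribution backports: a package installed through apt may carry the fix while still reporting an older upstream version, so confirm against the package changelog before treating "update" as final.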