@esertuk Just like @CarloK said above none of our printers are using the configuration option that allows for that particular exploit, so we are not rushing to include a new version. Nor are we currently aware of any CVE for nginx that we do expose our users to since all require specific configurations we don't use). We do asses security concerns on an ongoing basis, I imagine you could contact support and request our latest security assessment documentation.
I think the Jquery CVE's concerning XSS are a valid concern (albeit with the low impact of at worst (re-)starting a print, not retrieval of information AFAIK).
The S3 and the S5 have the option to enable the firewall, you can still use the cloud platform if you do but none of the software running on the printer is exposed to attackers on your internal network. This should alleviate any concerns from your IT department.
Edit: Adding up-sell, FTW? 😛
If your organization subscribes to Ultimaker Essentials your IT department can block access to the printer settings by configuring a pin code and enable the firewall on all printers remotely.
// Now I feel dirty, you can just enable the firewall and tell everyone to leave it on.
adding the up-sell
-
Our picks
-
Release Notes: S-Line Firmware 8.3.0 (Latest)
Dustin posted a topic in Firmware,
S-Line Firmware 8.3.0 was released Nov. 20th on the "Latest" firmware branch.
(Sorry, was out of office when this released)
This update is for...
All UltiMaker S series
New features
Temperature status. During print preparation, the temperatures of the print cores and build plate will be shown on the display. This gives a better indication of the progress and remaining wait time. Save log files in paused state. It is now possible to save the printer's log files to USB if the currently active print job is paused. Previously, the Dump logs to USB option was only enabled if the printer was in idle state. Confirm print removal via Digital Factory. If the printer is connected to the Digital Factory, it is now possible to confirm the removal of a previous print job via the Digital Factory interface. This is useful in situations where the build plate is clear, but the operator forgot to select Confirm removal on the printer’s display. Visit this page for more information about this feature.-
-
- 0 replies
.thumb.jpeg.0b7a05eafc09add17b8338efde5852e9.jpeg)
Picked By
MariMakes, -
-
Ultimaker Cura 5.6 stable released
ArunC posted a topic in UltiMaker Cura,
Cura now supports Method series printers!
A year after the merger of Ultimaker and MakerBotQQ, we have unlocked the ability for users of our Method series printers to slice files using UltiMaker Cura. As of this release, users can find profiles for our Method and Method XL printers, as well as material profiles for ABS-R, ABS-CF, and RapidRinse. Meaning it’s now possible to use either Cura or the existing cloud-slicing software CloudPrint when printing with these printers or materials-
- 9 replies
Picked By
MariMakes, -
-
.thumb.jpeg.0b7a05eafc09add17b8338efde5852e9.jpeg)
Recommended Posts
CarloK 202
@noverby Thanks for bringing this to our attention. We checked the vulnerability and it's only applicable when a certain configuration option in nginx is active. In our UM3 printers that option is not present, so this CVE is not applicable.
I'll make a note to update nginx in a next release, but because it has no impact on our printers we won't rush a new release.
Link to post
Share on other sites
noverby 0
Thanks @CarloK!
Link to post
Share on other sites