CVE-2024-8374
📋 TL;DR
UltiMaker Cura 3D printing slicer versions 5.7.0-beta.1 through 5.7.2 contain a code injection vulnerability in the 3MF file reader. Attackers can craft malicious 3MF files that execute arbitrary Python code when loaded, potentially compromising user systems. This affects anyone using vulnerable Cura versions to process 3MF files from untrusted sources.
💻 Affected Systems
- UltiMaker Cura
📦 What is this software?
Ultimaker Cura by Ultimaker
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary code execution, allowing attackers to install malware, steal data, or pivot to other systems.
Likely Case
Local privilege escalation or malware installation on the user's machine when opening malicious 3MF files from untrusted sources.
If Mitigated
No impact if users only open 3MF files from trusted sources or have patched versions.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious 3MF file, but the vulnerability is straightforward to exploit once the file format is understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.7.3 and later
Vendor Advisory: https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50
Restart Required: Yes
Instructions:
1. Open UltiMaker Cura.
2. Go to Help → Check for Updates.
3. Follow the prompts to update to version 5.7.3 or later.
4. Restart Cura after the installation completes.
🔧 Temporary Workarounds
Disable 3MF file loading
Temporarily disable Cura's ability to open 3MF files until patched. No command applies; this is a manual configuration change.
Use only trusted 3MF sources
Only open 3MF files from verified, trusted sources until patched.
🧯 If You Can't Patch
- Restrict user permissions to limit potential damage from code execution
- Use application sandboxing or virtualization when processing untrusted 3MF files
🔍 How to Verify
Check if Vulnerable:
Check the Cura version in Help → About Cura. If the version is between 5.7.0-beta.1 and 5.7.2 inclusive, the installation is vulnerable.
Check Version:
On Linux/macOS: cura --version; On Windows: Check in Help → About Cura GUI
Verify Fix Applied:
After updating, verify version is 5.7.3 or later in Help → About Cura.
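The version comparison above has one edge case that is easy to get wrong by hand: the affected range starts at a pre-release build (5.7.0-beta.1), which sorts below the final 5.7.0. The following helper, added here as an example and not part of the advisory or of Cura itself, parses a version string as shown in Help → About Cura and classifies it against the range stated on this page; the sample version strings in the demo are constructed.

```python
import re
from typing import Tuple

# Range stated in the advisory: 5.7.0-beta.1 through 5.7.2 inclusive; fixed in 5.7.3.
VULN_LOW = "5.7.0-beta.1"
VULN_HIGH = "5.7.2"
FIXED_FROM = "5.7.3"

# major.minor.patch with an optional pre-release suffix such as "-beta.1".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.?(\d+)?)?\s*$")


def parse_version(text: str) -> Tuple[int, int, int, int, str, int]:
    """Turn a Cura version string into a tuple that sorts correctly.

    The fourth element is a release flag: 0 for pre-release builds and 1 for
    final releases, so 5.7.0-beta.1 sorts below 5.7.0 but above 5.6.x.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, tag, num = m.groups()
    if tag is None:
        return (int(major), int(minor), int(patch), 1, "", 0)
    return (int(major), int(minor), int(patch), 0, tag.lower(), int(num or 0))


def is_vulnerable(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return parse_version(VULN_LOW) <= parse_version(version) <= parse_version(VULN_HIGH)


def classify(version: str) -> str:
    """Map a version to 'vulnerable', 'fixed' or 'unaffected' per the advisory."""
    v = parse_version(version)
    if is_vulnerable(version):
        return "vulnerable"
    if v >= parse_version(FIXED_FROM):
        return "fixed"
    # Older than the affected range, or a pre-release of 5.7.3 that the
    # advisory does not list; treat both as outside the stated range.
    return "unaffected"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real installation.
    for sample in ["5.6.0", "5.7.0-beta.1", "5.7.0", "5.7.2", "5.7.3", "5.8.0"]:
        print(f"{sample:>12}: {classify(sample)}")
```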
📡 Detection & Monitoring
Log Indicators:
- Unusual Python execution errors in Cura logs
- Unexpected process spawns from Cura
Network Indicators:
- Unexpected outbound connections from Cura process
SIEM Query:
Process creation where parent process contains 'cura' and command line contains unusual Python execution patterns