Abstract:
3D printing allows people and businesses to turn their ideas into real objects. There are many possibilities to use 3D printers. But since 3D printers are available at low budget, anyone can set up a 3D printer. Objects for printing are available en masse on the web. To control the printing process, users tend to set up a web interface. They allow the user to print in an unattended and structured way. However, web interfaces can be susceptible to security vulnerabilities. We adopt and complement a security catalog for 3D printing and evaluate three of the most popular 3D printing web interfaces with a security analysis based on the OWASP TOP 10 and TOP 10 API. We use three different attacker models to analyze the web interfaces Mainsail, fluidd and NanoDLP and eventually evaluate each vulnerability with a CVSS score. In total, there are 22 security vulnerabilities and 16 security issues. Each of the web interfaces has highly critical vulnerabilities.