CVE-2017-14728

Published: Jun 3, 2019Modified: Jun 2, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public.

Affected (1)

Products: Orpak: Siteomat

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Orpak Siteomat	Before 6.4.414.084

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

http://www.orpak.com/allproducts/siteomat-station-controller-sw/

Source: cve@mitre.org

ProductVendor Advisory

http://www.securityfocus.com/bid/108167

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.orpak.com/allproducts/siteomat-station-controller-sw/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

http://www.securityfocus.com/bid/108167

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.