CVE-2017-14852

Published: Jun 3, 2019Modified: Jun 2, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.

Affected (1)

Products: Orpak: Siteomat

Orpak

1 product

Siteomat

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Orpak Siteomat	Before 6.4.414.084

Related CWEs

CWE-310

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (6)

http://www.orpak.com

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/108167

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.orpak.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/108167

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.