Vulnerability Description
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Orpak | Siteomat | < 6.4.414.084 |
Related Weaknesses (CWE)
References
- http://www.orpak.comVendor Advisory
- http://www.securityfocus.com/bid/108167Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01Third Party AdvisoryUS Government Resource
- http://www.orpak.comVendor Advisory
- http://www.securityfocus.com/bid/108167Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-14852?
CVE-2017-14852 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture...
How severe is CVE-2017-14852?
CVE-2017-14852 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-14852?
Check the references section above for vendor advisories and patch information. Affected products include: Orpak Siteomat.