CVE-2017-14852
Published 2019-06-03
CVE-2017-14852: An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The…
Priority: P3 · 41 · high · 8.6 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS: 1.00% (58.6th percentile)
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| orpak | siteomat | < 6.4.414.084 | 6.4.414.084 |
CVSS provenance
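| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |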
VulDB
Orpak SiteOmat Management Console SSL Certificate cryptographic issue (BID-108167)
vuldb·2026-06-03·CVSS 8.6
CVE-2017-14852 [HIGH] Orpak SiteOmat Management Console SSL Certificate cryptographic issue (BID-108167)
A vulnerability categorized as critical has been discovered in Orpak SiteOmat. Affected by this vulnerability is an unknown functionality of the component Management Console. Executing a manipulation as part of SSL Certificate can lead to cryptographic issues.
This vulnerability is registered as CVE-2017-14852. It is possible to launch the attack remotely. No exploit is available.
GHSA
GHSA-pp8q-gcv4-jjfq: An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate
ghsa_unreviewed·2022-05-24
CVE-2017-14852 [CRITICAL] GHSA-pp8q-gcv4-jjfq: An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
CISA ICS
Orpak SiteOmat
cisa_ics·2019-05-06·CVSS 9.8
[CRITICAL] Orpak SiteOmat
ICS Advisory
Orpak SiteOmat
Last Revised: May 06, 2019
Alert Code: ICSA-19-122-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available
- Vendor: Orpak (acquired by Gilbarco Veeder-Root)
- Equipment: SiteOmat
- Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of Sensitive Data, Code Injection, Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial
No detection rules found.
No public exploits indexed.
Securelist
Gas is too expensive? Let’s make it cheap!
blogs_securelist·2018-02-07
Gas is too expensive? Let’s make it cheap!
Authors
- Ido Naor
A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat. What we found was a simple purple web interface that was in fact a link to a real-life gas station, and we suspected this link made the station remotely hackable.
Amihai Neiderman, then working for Azimuth security, and I investigated the findings. When our suspicions turned out to be true, we reported them to the vendor.
The story was covered recently by Motherboard VICE, and here we will share some of the technical details behind it. Further details of this research will be shared in early March at the Security Analyst Summit 2018 in Cancun.
The device we inve
Published: 2019-06-03