CVE-2017-14854
Published 2019-06-03
Priority: P260, critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 7.23% (93.5th percentile)
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| orpak | siteomat | < 6.4.414.122 | 6.4.414.122 |
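CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |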
VulDB
Orpak SiteOmat CGI memory corruption (BID-108167)
vuldb·2026-06-03·CVSS 9.1
CVE-2017-14854 [CRITICAL] Orpak SiteOmat CGI memory corruption (BID-108167)
A vulnerability labeled as critical has been found in Orpak SiteOmat. This affects an unknown part of the component CGI. The manipulation results in memory corruption.
This vulnerability is reported as CVE-2017-14854. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
GHSA
GHSA-p682-w72j-447w: A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution
ghsa_unreviewed·2022-05-24
CVE-2017-14854 [CRITICAL] CWE-119 GHSA-p682-w72j-447w: A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.
CISA ICS
Orpak SiteOmat
cisa_ics·2019-05-06·CVSS 9.8
[CRITICAL] Orpak SiteOmat
ICS Advisory
## Orpak SiteOmat
Last Revised: May 06, 2019
Alert Code: ICSA-19-122-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available
- Vendor: Orpak (acquired by Gilbarco Veeder-Root)
- Equipment: SiteOmat
- Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of Sensitive Data, Code Injection, Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial
No detection rules found.
No public exploits indexed.
Securelist
Gas is too expensive? Let’s make it cheap!
blogs_securelist·2018-02-07
Gas is too expensive? Let’s make it cheap!
Authors
- Ido Naor
A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat. What we found was a simple purple web interface that was in fact a link to a real-life gas station, and we suspected this link made the station remotely hackable.
Amihai Neiderman, then working for Azimuth security, and I investigated the findings. When our suspicions turned out to be true, we reported them to the vendor.
The story was covered recently by Motherboard VICE, and here we will share some of the technical details behind it. Further details of this research will be shared in early March at the Security Analyst Summit 2018 in Cancun.
The device we inve