CVE-2017-12733
CRITICALOPW SiteSentinel Integra 100/500 and iSite ATG Firmware < V175 - Unauthenticated Privilege Escalation
Title source: llmDescription
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100563
Mitigation, Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04
Scores
CVSS v3
9.8
EPSS
0.0234
EPSS Percentile
81.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (16)
n/a/OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite
OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite
opwglobal/sitesentinel_integra_100_firmware
16q3.1
opwglobal/sitesentinel_integra_100_firmware
189
opwglobal/sitesentinel_integra_100_firmware
191
opwglobal/sitesentinel_integra_100_firmware
195
opwglobal/sitesentinel_integra_100_firmware
< 175
opwglobal/sitesentinel_integra_500_firmware
16q3.1
opwglobal/sitesentinel_integra_500_firmware
189
opwglobal/sitesentinel_integra_500_firmware
191
opwglobal/sitesentinel_integra_500_firmware
195
... and 6 more
Published
Sep 09, 2017
Tracked Since
Feb 18, 2026