Description
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions prior to the submission of this exploit are affected. In addition, SiteOmat does not force administrators to change passwords, leaving SSH and HTTP remote authentication open to the public.
References (3)
Core References
Product, Vendor Advisory x_refsource_misc
http://www.orpak.com/allproducts/siteomat-station-controller-sw/
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108167
Scores
CVSS v3
9.8
EPSS
0.0624
EPSS Percentile
92.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (1)
orpak/siteomat
< 6.4.414.084
Published
Jun 03, 2019
Tracked Since
Feb 18, 2026