CVE-2017-14852
HIGHOrpak SiteOmat < 6.4.414.084 - Insecure Communication via Invalid SSL Certificate
Title source: llmDescription
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://www.orpak.com
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108167
Scores
CVSS v3
8.6
EPSS
0.0100
EPSS Percentile
58.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-310
CWE-311
Status
published
Products (1)
orpak/siteomat
< 6.4.414.084
Published
Jun 03, 2019
Tracked Since
Feb 18, 2026