CVE-2017-14852

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.

CVSS v3 8.6 HIGH
CVSS v2.0 5.0 MEDIUM

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.orpak.com	Vendor Advisory
http://www.securityfocus.com/bid/108167	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01	Third Party Advisory US Government Resource
http://www.orpak.com	Vendor Advisory
http://www.securityfocus.com/bid/108167	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*

History

02 Jun 2026, 20:16

Type	Values Removed	Values Added
CWE		CWE-311
CVSS	v2 : ~~5.0~~ v3 : ~~9.8~~	v2 : 5.0 v3 : 8.6

21 Nov 2024, 03:13

Type	Values Removed	Values Added
References	~~() http://www.orpak.com - Vendor Advisory~~	() http://www.orpak.com - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/108167 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/108167 - Third Party Advisory, VDB Entry
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01 - US Government Resource, Third Party Advisory~~	() https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01 - Third Party Advisory, US Government Resource

Information

Published : 2019-06-03 19:29

Updated : 2026-06-02 20:16

NVD link : CVE-2017-14852

Mitre link : CVE-2017-14852

CVE.ORG link : CVE-2017-14852

JSON object : View

Products Affected

orpak

siteomat

CWE

CWE-310

Cryptographic Issues

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2017-14852", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}]}, "published": "2019-06-03T19:29:00.437", "references": [{"url": "http://www.orpak.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/108167", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.orpak.com", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/108167", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data."}, {"lang": "es", "value": "Se encontr\u00f3 una comunicaci\u00f3n insegura entre el usuario y la consola de administraci\u00f3n de Orpak SiteOmat para todas las versiones conocidas, debido a un certificado SSL no v\u00e1lido. El ataque le permite a un intruso captar la comunicaci\u00f3n y descifrar los datos."}], "lastModified": "2026-06-02T20:16:20.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF41A56A-914A-4D8D-A310-AED1BC1CE9BA", "versionEndExcluding": "6.4.414.084"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}