CVE-2017-14852

EUVD-2017-6341
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
orpaksiteomat
𝑥
< 6.4.414.084
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.orpak.com
http://www.securityfocus.com/bid/108167
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
http://www.orpak.com
http://www.securityfocus.com/bid/108167
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01