exploitDog

CVE-2017-14852

Опубликовано: 03 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.

Ссылки

http://www.orpak.com
Vendor Advisory
http://www.securityfocus.com/bid/108167
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
Third Party Advisory
US Government Resource
http://www.orpak.com
Vendor Advisory
http://www.securityfocus.com/bid/108167
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*

Версия до 6.4.414.084 (исключая)

EPSS

Процентиль: 72%

0.00713

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-pp8q-gcv4-jjfq

CVSS3: 9.8

github

больше 3 лет назад

An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.

EPSS

Процентиль: 72%

0.00713

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-310