CVE-2017-14853

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.
References
Link Resource
http://www.securityfocus.com/bid/108167 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01 US Government Resource Third Party Advisory
https://www.orpak.com Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-03 19:29

Updated : 2024-02-04 20:20


NVD link : CVE-2017-14853

Mitre link : CVE-2017-14853

CVE.ORG link : CVE-2017-14853


JSON object : View

Products Affected

orpak

  • siteomat
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')