9.8

CVE-2017-14728

EPSS 10.78%
Veröffentlicht 03.06.2019 19:29:00
Zuletzt bearbeitet 21.11.2024 03:13:24
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Orpak ≫ Siteomat Version < 6.4.414.084

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.78%	0.931

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://www.orpak.com/allproducts/siteomat-station-controller-sw/

Vendor Advisory

Product

http://www.securityfocus.com/bid/108167

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2017-14728

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14728

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14728

EUVD