VYPR
High severity 8.6 · NVD Advisory · Published Jun 3, 2019 · Updated Jun 2, 2026

CVE-2017-14852

Description

An invalid SSL certificate in Orpak SiteOmat management console allows network eavesdroppers to intercept and decrypt communications, exposing sensitive data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2017-14852 describes an insecure communication channel between a user and the Orpak SiteOmat management console, caused by an invalid SSL certificate. This vulnerability affects all known versions of SiteOmat, with the advisory [1] indicating that versions prior to 6.4.414.084 are impacted. The missing encryption of sensitive data (CWE-311) allows an attacker to capture and decrypt network traffic.

Exploitation

An attacker with network access to the SiteOmat management console can perform a man-in-the-middle attack. No authentication or user interaction is required, and the attack is remotely exploitable and requires only a low skill level. Public exploits are available [1]. The attacker intercepts the SSL/TLS handshake and decrypts the communication due to the invalid certificate.

Impact

Successful exploitation results in the disclosure of sensitive data, including monitoring, configuration, and payment information. This can lead to unauthorized access to view and edit system settings, potentially enabling further compromise such as denial-of-service or remote code execution [1].

Mitigation

Orpak (acquired by Gilbarco Veeder-Root) has addressed this vulnerability in SiteOmat version 6.4.414.084 and later [1]. Users should upgrade to the fixed version. If immediate patching is not possible, network segmentation and the use of VPNs are recommended to limit exposure. No workaround is provided in the advisory.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Orpak/Orpak SiteOmat management console (description)
  • Orpak/SiteOmat (llm-fuzzy)

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
