CVE-2017-14853
8.6 HIGHThe Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses ...
Published: 2019-06-03 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 8.6 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
- CWE
- CWE-94
Affected products
| Vendor | Product |
|---|---|
| orpak | siteomat |
Description
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2017-14853
- [Other]http://www.securityfocus.com/bid/108167
- [Other]https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
- [Vendor advisory]https://www.orpak.com
- [Other]http://www.securityfocus.com/bid/108167
- [Other]https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01
- [Vendor advisory]https://www.orpak.com
Related CVEs
Same vendor
- CVE-2017-14854 — A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution (9.1 CRITICAL)
- CVE-2017-14852 — An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SS... (8.6 HIGH)
- CVE-2017-14851 — A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25 (9.8 CRITICAL)
- CVE-2017-14850 — All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to... (6.1 MEDIUM)
- CVE-2017-14728 — An authentication bypass was found in an unknown area of the SiteOmat source code (9.8 CRITICAL)
Same CWE
- CVE-2026-50223 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with C...
- CVE-2026-45558 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (9.9 CRITICAL)
- CVE-2026-46517 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-46432 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-47292 — Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally (7.8 HIGH)