{"api_version":"1","generated_at":"2026-06-04T14:14:39+00:00","cve":"CVE-2017-14852","urls":{"html":"https://cve.report/CVE-2017-14852","api":"https://cve.report/api/cve/CVE-2017-14852.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-14852","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-14852"},"summary":{"title":"CVE-2017-14852","description":"An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.","state":"PUBLISHED","assigner":"mitre","published_at":"2019-06-03 19:29:00","updated_at":"2026-06-02 20:16:20"},"problem_types":["CWE-310","CWE-311","n/a","CWE-311 CWE-311 Missing Encryption of Sensitive Data"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.6","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.6","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/108167","name":"http://www.securityfocus.com/bid/108167","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Orpak SiteOmat ICSA-19-122-01 Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Orpak SiteOmat | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.orpak.com","name":"http://www.orpak.com","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Orpak Systems | Solutions and Services for Retail Gas Stations, Oil Companies & Commercial Fleets,  Service Station Management","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-14852","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14852","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"14852","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"orpak","cpe5":"siteomat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2017","cve_id":"14852","cve":"CVE-2017-14852","epss":"0.002000000","percentile":"0.419290000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:34"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T19:42:22.255Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.orpak.com"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"},{"name":"108167","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/108167"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","version":"3.1"}},{"other":{"content":{"id":"CVE-2017-14852","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-02T18:49:28.653738Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-311","description":"CWE-311 Missing Encryption of Sensitive Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-02T18:49:40.887Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2019-05-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-06-03T18:57:47.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.orpak.com"},{"tags":["x_refsource_MISC"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"},{"name":"108167","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/108167"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-14852","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.orpak.com","refsource":"MISC","url":"http://www.orpak.com"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"},{"name":"108167","refsource":"BID","url":"http://www.securityfocus.com/bid/108167"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-14852","datePublished":"2019-06-03T18:57:36.000Z","dateReserved":"2017-09-27T00:00:00.000Z","dateUpdated":"2026-06-02T18:49:40.887Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2019-06-03 19:29:00","lastModifiedDate":"2026-06-02 20:16:20","problem_types":["CWE-310","CWE-311","n/a","CWE-311 CWE-311 Missing Encryption of Sensitive Data"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*","versionEndExcluding":"6.4.414.084","matchCriteriaId":"FF41A56A-914A-4D8D-A310-AED1BC1CE9BA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"14852","Ordinal":"1","Title":"CVE-2017-14852","CVE":"CVE-2017-14852","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"14852","Ordinal":"1","NoteData":"An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.","Type":"Description","Title":"CVE-2017-14852"},{"CveYear":"2017","CveId":"14852","Ordinal":"2","NoteData":"2019-06-03","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"14852","Ordinal":"3","NoteData":"2019-06-03","Type":"Other","Title":"Modified"}]}}}