ICSA-19-122-01 · Published 2019-05-02 · View on CISA ICS-CERT ↗

Orpak SiteOmat

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial-of-service conditions and unauthorized access to view and edit monitoring, configuration, and payment information.

CVEs (6)

CVE-2017-14728 CVE-2017-14850 CVE-2017-14851 CVE-2017-14852 CVE-2017-14853 CVE-2017-14854

Remediations

Orpak recommends users of affected versions update to the latest release v6.4.414.139 or later. The update can be obtained by contacting customer care with the following options:Online Ticket (login required): https://support.zoho.com/portal/orpak/home Email: [email protected]

Affected Vendors

Orpak, Gilbarco Veeder-Root

Affected Products (2)

Orpak, Gilbarco Veeder-Root · SiteOmat < 6.4.414.122

Orpak, Gilbarco Veeder-Root · SiteOmat < 6.4.414.084

Affected Sectors

Commercial Facilities, Energy, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more