CVE-2017-14850 in SiteOmat
Summary
by MITRE
All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 06/03/2026
The vulnerability identified as CVE-2017-14850 affects the Orpak SiteOmat web management console, a widely deployed industrial control system used for network management and monitoring. This critical security flaw manifests as multiple stored cross-site scripting vulnerabilities that exist across all known versions of the software, making it particularly concerning for organizations relying on this platform for critical infrastructure management. The vulnerability stems from inadequate input validation mechanisms that fail to properly sanitize external user inputs before processing and storing them within the application's database.
The technical implementation of this flaw allows attackers to inject malicious scripts into the web application's data storage, which then execute whenever legitimate users access the affected pages. This stored XSS vulnerability specifically occurs in the web management console's user input handling mechanisms, where user-supplied data is not adequately filtered or escaped before being rendered back to users. The vulnerability's impact is amplified by the fact that the attack requires only access to the web interface, which can be achieved through legitimate administrative credentials or through credential compromise attacks.
From an operational perspective, this vulnerability creates significant risk for organizations using SiteOmat systems, as successful exploitation enables attackers to hijack user sessions and redirect victims to malicious servers controlled by the attacker. The session hijacking capability allows unauthorized access to the management console with the privileges of authenticated users, potentially enabling full administrative control over the network management infrastructure. Additionally, the ability to redirect victims to malicious servers provides attackers with opportunities for further reconnaissance, data exfiltration, or deployment of additional malicious payloads within the target network environment.
The vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws in web applications, and demonstrates characteristics consistent with ATT&CK technique T1059.007 for command and scripting interpreter usage. Organizations should immediately implement input validation and output encoding measures to prevent script injection, including implementing proper sanitization of all user inputs and applying secure coding practices that escape special characters in rendered content. Network segmentation and access control measures should be strengthened to limit exposure of the management console to unauthorized users, while regular security assessments should be conducted to identify and remediate similar vulnerabilities in other industrial control systems.