CVE-2017-14853 in SiteOmat
Summary
by MITRE
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.
Analysis
by VulDB Data Team • 06/03/2026
The command injection in the Orpak SiteOmat OrCU component is a critical vulnerability in an industrial control system that exposes organizations to severe operational risks. It affects all versions prior to the 2017-09-25 release, indicating a prolonged window of exposure for affected systems. The flaw resides in the search query functionality of the OrCU component, which directly executes shell commands without proper input validation or sanitization. This design decision creates a fundamental security weakness that allows attackers to manipulate system behavior through crafted requests.
The technical implementation of this vulnerability stems from improper input handling within the OrCU component's search functionality. When users submit search queries, the system processes these inputs by directly invoking shell commands rather than using safe parameterized approaches. This approach violates core security principles and creates an environment where attacker-controlled input can be executed as system commands. The vulnerability maps directly to CWE-78, which describes improper neutralization of special elements used in OS commands, and CWE-94, which addresses improper control of generation of code. The attack vector specifically enables command injection through HTTP requests, allowing adversaries to execute arbitrary shell commands on the affected device.
The operational impact of this vulnerability extends beyond simple unauthorized command execution, creating significant risks for industrial environments that rely on SiteOmat systems. Attackers can leverage this weakness to gain full control over the affected device, potentially leading to system compromise, data exfiltration, or disruption of critical operations. The ability to receive valid output from executed commands provides attackers with real-time feedback, enabling them to conduct reconnaissance and refine their attack strategies. This vulnerability particularly affects industrial control systems where system integrity and operational continuity are paramount, as unauthorized command execution could lead to physical damage or safety incidents.
Organizations should implement immediate mitigations including updating to the patched version released on 2017-09-25, which addresses the command injection vulnerability through proper input sanitization and command execution mechanisms. Network segmentation and access controls should be enforced to limit exposure, while monitoring systems should be deployed to detect anomalous command execution patterns. The vulnerability aligns with ATT&CK technique T1059.001 for command and script injection, and organizations should consider implementing defensive measures such as input validation, privilege separation, and regular security assessments. Additionally, implementing web application firewalls and conducting security code reviews can help prevent similar vulnerabilities in other components of the industrial control system infrastructure.
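The CWE-78 pattern described in the analysis, beside the hardened form and the request-log check the mitigation paragraph calls for, as an added example that is not Orpak's code. The real OrCU search binary, endpoint and parameter names are unknown; SEARCH_TOOL, the /search path and the q= parameter are constructed stand-ins.

```python
"""Added example, not Orpak's code: a query pasted into a shell string (the
vulnerable pattern), an argv call with allowlist validation (hardened form),
and a detection helper over constructed request log lines."""
import re
import shlex
import subprocess
import sys
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the search backend: echoes its first argument.
SEARCH_TOOL = [sys.executable, "-c", "import sys; print(sys.argv[1])"]
QUERY_RE = re.compile(r"[A-Za-z0-9 _.:-]{1,64}")

def unsafe_command(query):
    """Vulnerable pattern (CWE-78): untrusted query pasted into one shell string."""
    return f"search --filter {query}"

def shell_tokens(command):
    """How a POSIX shell would tokenize that string: ; | & become operators."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)

def validate_query(query):
    """Allowlist: only the characters a legitimate search term needs."""
    return QUERY_RE.fullmatch(query) is not None

def run_argv(query):
    """No shell involved: the query travels as one argv element, never parsed."""
    out = subprocess.run(SEARCH_TOOL + [query], capture_output=True,
                         text=True, check=True)
    return out.stdout.rstrip("\n")

def safe_search(query):
    """Hardened form: reject anything outside the allowlist, then run without a shell."""
    if not validate_query(query):
        raise ValueError("query rejected by allowlist")
    return run_argv(query)

def suspicious_requests(log_lines):
    """Detection aid: request lines whose q= parameter fails the allowlist."""
    flagged = []
    for line in log_lines:
        path = line.split()[1]  # constructed log format: METHOD PATH
        q = parse_qs(urlsplit(path).query).get("q", [""])[0]
        if not validate_query(q):
            flagged.append(line)
    return flagged

if __name__ == "__main__":
    print(shell_tokens(unsafe_command("fuel; id")))  # query becomes a second command
    print(run_argv("fuel; id"))                      # argv keeps it as literal data
```

Requests with no q= parameter are also flagged, which is deliberate for a search endpoint that always carries one.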