CVE-2017-14853

Name of the Vulnerable Software and Affected Versions Orpak SiteOmat OrCU versions prior to 2017-09-25

Description The issue allows code injection due to a search query that uses a direct shell command. An attacker can tamper with the request to run shell commands and receive valid output from the device.

Recommendations For versions prior to 2017-09-25, consider restricting access to the search query functionality until a fix is available. As a temporary workaround, avoid using the search query feature that utilizes direct shell commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.