Siteomat, the fuel station management software from Orpak Systems (known as Orpak), contained a string of security vulnerabilities. One of the serious flaws among them was the use of hard-coded usernames and passwords for application login. This flaw could have allowed attackers to easily access customer details and then steal sensitive information.
Other flaws included those that led to remote code execution and denial-of-service (DoS) conditions. All these vulnerabilities were described in an advisory released by the Cybersecurity and Infrastructure Security Agency (CISA).
What are the vulnerabilities?
Thousands of stations affected
TechCrunch indicated that the vulnerable Siteomat software impacted thousands of service stations across the US.
“A cursory search of Shodan, a search engine for publicly available devices and databases, revealed more than 570 Orpak systems are connected to the internet out of more than 35,000 service stations across 60 countries. Most of the exposed systems are located in the U.S.,” TechCrunch reported.
What action was taken?
Upon learning of the vulnerabilities, Orpak released software version 6.4.414.139, which remediates all of these flaws. Owners are advised to update to this latest version.