CVE-2019-13553

Published: Oct 25, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.

Affected (1)

Products: Carel: Pcoweb Firmware

1 product

Pcoweb Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Carel Pcoweb Firmware	From a1.5.3 to b1.2.4

Running on/with	Platform Versions
Rittal Chiller Sk 3232	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://seclists.org/fulldisclosure/2019/Oct/45

Source: ics-cert@hq.dhs.gov

https://www.us-cert.gov/ics/advisories/icsa-19-297-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://seclists.org/fulldisclosure/2019/Oct/45

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.us-cert.gov/ics/advisories/icsa-19-297-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.