Back to search
CVE-2019-13549
Published: Oct 25, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.
| Vendor | Product | Versions |
|---|---|---|
n/a | Rittal Chiller SK 3232-Series | affected Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4 |
Weaknesses (CWE)
References
https://www.us-cert.gov/ics/advisories/icsa-19-297-01
x_refsource_MISC
20191031 [RT-SA-2019-014] Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now