Multiple vulnerabilities in Rittal Chiller SK 3232-Series

Published: 2019-10-25 | Updated: 2019-10-25




Severity
High
Patch available
NO
Number of vulnerabilities
2
CVE ID
CVE-2019-13549, CVE-2019-13553
CWE ID
CWE-306, CWE-798
Exploitation vector
Network
Public exploit
N/A
Vulnerable software
pCOWeb, Chiller SK 3232-Series
Vendor
Carel, Rittal

Security Advisory



1) Missing Authentication for Critical Function


Severity: High


CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C] [PCI]


CVE-ID: CVE-2019-13549


CWE-ID: CWE-306 - Missing Authentication for Critical Function


Description

The vulnerability allows a remote attacker to disrupt the primary operations.

The vulnerability exists because the authentication mechanism does not provide a sufficient level of protection against unauthorized configuration changes. A remote attacker can, without authentication, modify the primary operations, namely turn the cooling unit on and off and set the temperature set point.


Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
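While no vendor fix is listed, a compensating control for an unauthenticated, network-reachable configuration interface is to confine access to a management network and to review the controller's web-server access log for state-changing requests that arrive from elsewhere or succeed without an authenticated user. The script below is an added example written for this advisory; it is not code from Cybersecurity Help, Carel or Rittal. The URL paths it treats as state-changing, the management subnet, the Common Log Format layout and the log lines themselves are all constructed assumptions and must be replaced with the real device's values.

```python
"""Flag state-changing requests to a building-automation controller that are
unauthenticated or that come from outside the management network.

Added example for CVE-2019-13549 (CWE-306); not vendor or advisory code.
Paths, subnet and sample log lines are constructed assumptions.
"""
import ipaddress
import re
from typing import Dict, List

# Assumption: the only hosts allowed to change set points or power state.
MANAGEMENT_NETWORKS = [ipaddress.ip_network("10.10.50.0/24")]

# Assumption: hypothetical paths that change controller state. On many
# embedded web servers a plain GET changes state, so the path, not the
# HTTP method, decides whether a request counts as a configuration change.
STATE_CHANGE_PATHS = re.compile(r"/(setpoint|power|config)\b", re.IGNORECASE)

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample log: one authenticated change from the management
# network, one unauthenticated change from the Internet, one unauthenticated
# change from inside the management network, and a harmless status read.
SAMPLE_LOG = [
    '10.10.50.7 - operator [25/Oct/2019:09:14:02 +0000] "POST /setpoint HTTP/1.1" 200 87',
    '203.0.113.44 - - [25/Oct/2019:09:15:31 +0000] "GET /power?state=off HTTP/1.1" 200 42',
    '10.10.50.9 - - [25/Oct/2019:09:16:10 +0000] "GET /setpoint?value=4 HTTP/1.1" 200 42',
    '198.51.100.5 - - [25/Oct/2019:09:17:45 +0000] "GET /status HTTP/1.1" 200 1034',
]


def parse_line(line: str) -> Dict[str, str]:
    """Split one Common Log Format line into its named fields."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def is_management_host(src: str) -> bool:
    """True if the source address lies inside an allowlisted subnet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage never count as trusted
    return any(addr in net for net in MANAGEMENT_NETWORKS)


def is_state_change(entry: Dict[str, str]) -> bool:
    """True if the requested path is one that alters controller state."""
    return STATE_CHANGE_PATHS.search(entry["path"]) is not None


def audit(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per state-changing request that is suspicious.

    A request is reported when it succeeded (2xx) with no authenticated
    user, which is the CWE-306 condition, or when it came from outside
    the management network regardless of outcome.
    """
    findings = []
    for line in lines:
        e = parse_line(line)
        if not is_state_change(e):
            continue
        reasons = []
        if e["status"].startswith("2") and e["user"] == "-":
            reasons.append("unauthenticated")
        if not is_management_host(e["src"]):
            reasons.append("outside management network")
        if reasons:
            findings.append({"src": e["src"], "user": e["user"],
                             "path": e["path"], "status": e["status"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['src']:>15} {f['status']} {f['path']:<22} {', '.join(f['reasons'])}")
```

Run against the constructed sample the script reports the Internet-sourced power-off request (unauthenticated and off-network) and the unauthenticated set-point change from inside the management network, and stays silent on the authenticated change and on the read-only status request. A 401 with no user is not reported, since a refused request is the expected outcome, and denied requests from outside the management network are still reported so that probing is visible.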


Vulnerable software versions

pCOWeb: A1.5.3, B1.2.4


Chiller SK 3232-Series: -


External links

https://ics-cert.us-cert.gov/advisories/icsa-19-297-01

