CVE-2019-13553

EUVD-2019-5008
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2019/Oct/45
https://www.us-cert.gov/ics/advisories/icsa-19-297-01
http://seclists.org/fulldisclosure/2019/Oct/45
https://www.us-cert.gov/ics/advisories/icsa-19-297-01