Vulnerability Description
This vulnerability affects the Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be performed without authentication.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Carel | pCOWeb Firmware | >= a1.5.3, <= b1.2.4 |
| Rittal | Chiller SK 3232 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2019/Oct/46
- https://www.us-cert.gov/ics/advisories/icsa-19-297-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2019-13549?
CVE-2019-13549 is a vulnerability with a CVSS score of 7.5 (HIGH). Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection agai...
How severe is CVE-2019-13549?
CVE-2019-13549 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-13549?
Check the references section above for vendor advisories and patch information. Affected products include: Carel pCOWeb Firmware, Rittal Chiller SK 3232.