CVE-2019-13553

Опубликовано: 25 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.

Ссылки

http://seclists.org/fulldisclosure/2019/Oct/45
https://www.us-cert.gov/ics/advisories/icsa-19-297-01
Third Party Advisory
US Government Resource
http://seclists.org/fulldisclosure/2019/Oct/45
https://www.us-cert.gov/ics/advisories/icsa-19-297-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:carel:pcoweb_firmware:*:*:*:*:*:*:*:*

Версия от a1.5.3 (включая) до b1.2.4 (включая)

cpe:2.3:h:rittal:chiller_sk_3232:-:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00184

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-6j53-rvq8-q9pr

github

больше 3 лет назад

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 ? B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.