HIGH🇵🇱 Wersja polska

CVE-2019-13549

CVSS 7.5v3.1pub. 2019-10-25upd. 2024-11-21

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Carel Pcoweb Firmware

    OS
    Carel
    a1.5.3 – b1.2.4
  • Rittal Chiller Sk 3232

    HW
    Rittal
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-13553CRITICAL9.8ten sam produkt

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...

CVE-2024-47945CRITICAL9.8PL ✓ten sam vendor

Przewidywalne identyfikatory sesji w urządzeniach Rittal IoT Interface i CMC III

CVE-2022-34827CRITICAL9.9ten sam vendor

Carel Boss Mini 1.5.0 has Improper Access Control.

CVE-2020-11951CRITICAL9.8ten sam vendor

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices....

CVE-2020-11956CRITICAL9.8ten sam vendor

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices....