Main Vulnerability Database Vulnerabilities #VU22293

#VU22293 Use of hard-coded credentials in pCOWeb and Chiller SK 3232-Series - CVE-2019-13553

Published: October 25, 2019

Vulnerability identifier: #VU22293

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-13553

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
pCOWeb
Chiller SK 3232-Series

Software vendor:
Carel
Rittal

Description

The vulnerability allows a remote attacker to disrupt the primary operations.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials and influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-19-297-01

#VU22293 Use of hard-coded credentials in pCOWeb and Chiller SK 3232-Series - CVE-2019-13553

Description

Remediation

External links

Please verify you're human