#VU22292 Missing Authentication for Critical Function in pCOWeb and Chiller SK 3232-Series - CVE-2019-13549
Published: October 25, 2019
Vulnerability identifier: #VU22292
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-13549
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
pCOWeb
Chiller SK 3232-Series
Software vendor:
Carel
Rittal
Description
The vulnerability allows a remote attacker to disrupt the primary operations of the cooling unit.
The vulnerability exists because the authentication mechanism does not provide a sufficient level of protection against unauthorized configuration changes. A remote attacker can modify the primary operations without authentication, namely turn the cooling unit on and off and set the temperature set point.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.