#VU22293 Use of hard-coded credentials in pCOWeb and Chiller SK 3232-Series - CVE-2019-13553
Published: October 25, 2019
Vulnerability identifier: #VU22293
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-13553
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
pCOWeb
Chiller SK 3232-Series
Software vendor:
Carel
Rittal
Description
The vulnerability allows a remote attacker to disrupt the primary operations of the affected systems.
The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials and influence its primary operations, namely turning the cooling unit on and off and setting the temperature set point.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.