Description
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-297-01
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Oct/46
Scores
CVSS v3
7.5
EPSS
0.0103
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-306
Status
published
Products (1)
carel/pcoweb_firmware
a1.5.3 - b1.2.4
Published
Oct 25, 2019
Tracked Since
Feb 18, 2026