Description
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-297-01
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Oct/45
Scores
CVSS v3
9.8
EPSS
0.0182
EPSS Percentile
75.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
carel/pcoweb_firmware
a1.5.3 - b1.2.4
Published
Oct 25, 2019
Tracked Since
Feb 18, 2026