ID

VAR-201910-1189


CVE

CVE-2019-13553


TITLE

Rittal Chiller SK 3232-Series Trust Management Issue Vulnerability

Trust: 1.4

sources: IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a // CNVD: CNVD-2019-39583 // CNNVD: CNNVD-201910-1480

DESCRIPTION

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. The Carel pCOWeb firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Rittal Chiller SK 3232-Series is a liquid cooling device from Rittal.

Trust: 2.34

sources: NVD: CVE-2019-13553 // JVNDB: JVNDB-2019-011384 // CNVD: CNVD-2019-39583 // IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a // CNVD: CNVD-2019-39583

AFFECTED PRODUCTS

vendor: carel, model: pcoweb, scope: gte, version: a1.5.3

Trust: 1.0

vendor: carel, model: pcoweb, scope: lte, version: b1.2.4

Trust: 1.0

vendor: carel industries s p a, model: pcoweb card, scope: -, version: -

Trust: 0.8

vendor: rittal, model: chiller sk 3232-series, scope: -, version: -

Trust: 0.6

vendor: carel, model: pcoweb, scope: eq, version: b1.2.4

Trust: 0.6

vendor: carel, model: pcoweb, scope: eq, version: a1.5.3

Trust: 0.6

vendor: carel, model: pcoweb, scope: eq, version: a2.0.4

Trust: 0.6

vendor: rittal, model: chiller sk 3232, scope: eq, version: -

Trust: 0.6

vendor: pcoweb, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a // CNVD: CNVD-2019-39583 // JVNDB: JVNDB-2019-011384 // CNNVD: CNNVD-201910-1480 // NVD: CVE-2019-13553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13553
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13553
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-39583
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-1480
value: CRITICAL

Trust: 0.6

IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2019-13553
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39583
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13553
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13553
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a // CNVD: CNVD-2019-39583 // JVNDB: JVNDB-2019-011384 // CNNVD: CNNVD-201910-1480 // NVD: CVE-2019-13553

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-011384 // NVD: CVE-2019-13553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1480

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-1480

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011384

PATCH

title: pCOWeb card, url: https://www.carel.com/bms-building-management-system-na/-/journal_content/56_INSTANCE_i4q5KIMLInKK/10191/55239

Trust: 0.8

sources: JVNDB: JVNDB-2019-011384

EXTERNAL IDS

db: NVD, id: CVE-2019-13553

Trust: 3.2

db: ICS CERT, id: ICSA-19-297-01

Trust: 3.0

db: CNVD, id: CNVD-2019-39583

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1480

Trust: 0.8

db: JVNDB, id: JVNDB-2019-011384

Trust: 0.8

db: IVD, id: E41E3F25-7243-4C72-8763-2EF6D713B92A

Trust: 0.2

sources: IVD: e41e3f25-7243-4c72-8763-2ef6d713b92a // CNVD: CNVD-2019-39583 // JVNDB: JVNDB-2019-011384 // CNNVD: CNNVD-201910-1480 // NVD: CVE-2019-13553

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-19-297-01

Trust: 3.0

url: http://seclists.org/fulldisclosure/2019/oct/45

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-13553

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13553

Trust: 0.8

sources: CNVD: CNVD-2019-39583 // JVNDB: JVNDB-2019-011384 // CNNVD: CNNVD-201910-1480 // NVD: CVE-2019-13553

SOURCES

db: IVD, id: e41e3f25-7243-4c72-8763-2ef6d713b92a
db: CNVD, id: CNVD-2019-39583
db: JVNDB, id: JVNDB-2019-011384
db: CNNVD, id: CNNVD-201910-1480
db: NVD, id: CVE-2019-13553

LAST UPDATE DATE

2024-11-23T23:08:14.062000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-39583, date: 2019-11-07T00:00:00
db: JVNDB, id: JVNDB-2019-011384, date: 2019-11-06T00:00:00
db: CNNVD, id: CNNVD-201910-1480, date: 2020-02-12T00:00:00
db: NVD, id: CVE-2019-13553, date: 2024-11-21T04:25:08.087

SOURCES RELEASE DATE

db: IVD, id: e41e3f25-7243-4c72-8763-2ef6d713b92a, date: 2019-11-07T00:00:00
db: CNVD, id: CNVD-2019-39583, date: 2019-11-07T00:00:00
db: JVNDB, id: JVNDB-2019-011384, date: 2019-11-06T00:00:00
db: CNNVD, id: CNNVD-201910-1480, date: 2019-10-24T00:00:00
db: NVD, id: CVE-2019-13553, date: 2019-10-25T18:15:10.943