Pcoweb Firmware
CVE-2019-13549
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.
AnalysisAI
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. Affected products include: Carel Pcoweb Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
More in Pcoweb Firmware
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today