Rewterz

Rewterz Threat Alert – CES Themed Targeting from Lazarus

October 24, 2019
Rewterz

Rewterz Threat Advisory – CVE-2019-13525 – ICS: Honeywell IP-AK2

October 25, 2019

Rewterz Threat Advisory – ICS: Rittal Chiller SK 3232-Series Multiple Vulnerabilities

Severity

High

Analysis Summary


CVE-2019-13549

The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.

CVE-2019-13553

The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.

Impact

  • Missing Authentication for Critical Function
  • Use of Hard-coded Credentials

Affected Vendors

Rittal

Affected Products

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4

Remediation

For information on mitigating these vulnerabilities contact Rittal Support by email at: info@rittal.de

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.