Rewterz Threat Alert – CES Themed Targeting from Lazarus

October 24, 2019

Rewterz Threat Advisory – CVE-2019-13525 – ICS: Honeywell IP-AK2

October 25, 2019

Rewterz Threat Advisory – ICS: Rittal Chiller SK 3232-Series Multiple Vulnerabilities

October 25, 2019

Severity

High

Analysis Summary

CVE-2019-13549

The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.

CVE-2019-13553

The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.

Impact

Missing Authentication for Critical Function
Use of Hard-coded Credentials

Affected Vendors

Rittal

Affected Products

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4

Remediation

For information on mitigating these vulnerabilities contact Rittal Support by email at: info@rittal.de

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – CES Themed Targeting from Lazarus

Rewterz Threat Advisory – CVE-2019-13525 – ICS: Honeywell IP-AK2

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.