Rittal Chiller SK 3232-Series (ICSA-19-297-01) – Product Used in the Energy Sector

CISA has published an advisory on missing authentication for critical function and use of hard-coded credentials vulnerabilities in Rittal Chiller SK 3232-Series. The Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4 is affected. Successful exploitation of these vulnerabilities could disrupt the primary operations of the affected component, shut down cooling to other equipment, and allow changes to the temperature set point. CISA recommends users of the product contact Rittal directly for information about mitigating these vulnerabilities. It also offers a list of actions to mitigate the vulnerabilities. Read the advisory at CISA.