PT-2019-13412 · Rittal · Rittal Chiller Sk 3232-Series

Published: 2019-10-25 · Updated: 2020-02-10 · CVE-2019-13549

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Rittal Chiller SK 3232-Series versions A1.5.3 through B1.2.4

Description: The issue concerns the authentication mechanism in the web interface of the affected systems, which does not provide sufficient protection against unauthorized configuration changes. This allows primary operations, such as turning the cooling unit on and off and setting the temperature set point, to be modified without authentication.

Recommendations: For versions A1.5.3 through B1.2.4, consider restricting access to the web interface until a fix is available, and ensure that physical access to the device is controlled to prevent unauthorized changes. As a temporary workaround, limit the use of the web interface for configuration changes and rely on alternative, more secure methods for managing the device.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2019-13549

Affected Products

Rittal Chiller Sk 3232-Series