CISA has published an advisory on missing authentication for critical function and use of hard-coded credentials vulnerabilities in Rittal Chiller SK 3232-Series. The Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4 is affected. Successful exploitation of these vulnerabilities could disrupt the primary operations of the affected component, shut down cooling to other equipment, and allow changes to the temperature set point. CISA recommends users of the product contact Rittal directly for information about mitigating these vulnerabilities. It also offers a list of actions to mitigate the vulnerabilities. Read the advisory at CISA.
H2OSecCon Spring 2024 - featuring panels and briefings on cybersecurity, physical security, operational resilience, and more - is on May 23. REGISTER NOW!