OTPulse
FeedAboutContact

Ice Qube Thermal Management Center

Plan Patch8.6ICS-CERT ICSA-18-249-01Sep 6, 2018
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Ice Qube Thermal Management Center versions prior to 4.13 contain authentication bypass and weak credential storage vulnerabilities (CWE-287, CWE-256) that could allow an attacker to gain unauthorized access to configuration files and obtain sensitive information.

What this means
What could happen
An attacker could bypass authentication or use weak credentials to access the Thermal Management Center, gaining the ability to view or modify cooling system configurations, which could disrupt thermal management and potentially lead to equipment damage or shutdown.
Who's at risk
Data center and facility management operators using Ice Qube Thermal Management Center for cooling system monitoring and control. This affects any organization managing thermal infrastructure for server rooms, telecom facilities, or industrial cooling systems that rely on TMC for operational visibility and configuration management.
How it could be exploited
An attacker on the network reachable by the Thermal Management Center could exploit authentication bypass or brute-force weak credential storage to gain administrative access. Once authenticated, they could modify system configurations or extract sensitive data from the device.
Prerequisites
  • Network access to the Thermal Management Center device or its web interface
  • Device must be reachable from the attacker's network segment
remotely exploitableno authentication requiredlow complexityhigh CVSS score (8.6)
Exploitability
Moderate exploit probability (EPSS 2.3%)
Affected products (1)
ProductAffected VersionsFix Status
Thermal Management Center: all< 4.134.13 or later
Remediation & Mitigation
0/3
Do now
0/2
HARDENINGRestrict network access to Thermal Management Center: ensure it is not accessible from the Internet and isolate it behind a firewall from the business network
HARDENINGIf remote access to TMC is required, use secure VPN with current patches and strong authentication
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Thermal Management Center to version 4.13 or later by contacting Ice Qube Technical Support (service@iceqube.com or 724-837-7600)
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/99000c0c-c717-4dcd-a56c-e98371893522
Ice Qube Thermal Management Center | CVSS 8.6 - OTPulse