Vulnerabilities > CVE-2021-38448 - Unspecified vulnerability in Trane Symbio 700 and Symbio 800

047910
CVSS 7.6 - HIGH
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
trane

Summary

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

Vulnerable Configurations

Part Description Count
Application
Trane
2
Hardware
Trane
4