Vulnerabilities > CVE-2021-38450 - Unspecified vulnerability in Trane products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

trane

NVD

Published: 2021-10-27

Updated: 2023-07-10

Summary

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

Vulnerable Configurations

Part	Description	Count
Application	Trane Trane Tracer Concierge * Trane Tracer Concierge 5.5	2
OS	Trane Trane Tracer SC Firmware * Trane Tracer SC Firmware 4.4 Trane Tracer Sc+ Firmware * Trane Tracer Sc+ Firmware 5.5	4
Hardware	Trane Trane Tracer SC - Trane Tracer Sc+ -	2

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02