Vulnerabilities > Trane > Tracer SC Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-27 | CVE-2021-38450 | Unspecified vulnerability in Trane products The affected controllers do not properly sanitize the input containing code syntax. | 8.8 |
| 2021-10-22 | CVE-2021-42534 | Cross-site Scripting vulnerability in Trane Tracer SC Firmware The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. | 4.3 |