CVE-2021-38448

Summary

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

Affected Software

VendorProductVersion RangeStatus
TraneSymbio700 < 1.00.0023affected
TraneSymbio800 < 1.00.0007affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References