CVE-2021-38450
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Summary
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trane | Tracer SC | All < 4.4 SP7 | affected |
| Trane | Tracer SC+ | All < 5.5 SP3 | affected |
| Trane | Tracer Concierge | All < 5.5 SP3 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.