CVE-2021-38450

Summary

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

Affected Software

VendorProductVersion RangeStatus
TraneTracer SCAll < 4.4 SP7affected
TraneTracer SC+All < 5.5 SP3affected
TraneTracer ConciergeAll < 5.5 SP3affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References