CVE-2021-38448

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-11-2021 08:15

Last modified: - 10-05-2022 02:29

Total changes: - 3

Description

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Low

Attack complexity

Physical

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Changed

Scope

None

User interaction

7.6

Base score

0.9

6.0

Exploitability score

Impact score

Verification logic

AND

vendor=trane AND product=symbio_700 AND versionEndExcluding=1.00.0023

vendor=trane AND product=odyssey_split_systems AND version=-

AND

vendor=trane AND product=symbio_800 AND versionEndExcluding=1.30.0008

vendor=trane AND product=intellipak_1 AND version=-

AND

vendor=trane AND product=symbio_800 AND versionEndExcluding=1.30.0008

vendor=trane AND product=intellipak_2 AND version=-

AND

vendor=trane AND product=symbio_800 AND versionEndExcluding=1.10.0010

vendor=trane AND product=ascend_air-cooled_chiller_acr AND version=-

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01

Keywords

CVE-2021-38448

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-38448

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures