Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_TRANE_CVE-2021-38448.NASL
HistorySep 27, 2023 - 12:00 a.m.

Trane Symbio Improper Control of Generation of Code (CVE-2021-38448)

2023-09-2700:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
trane
symbio
improper control
code generation
cve-2021-38448
tenable.ot
vulnerability
firmware update
vulnerable versions
controller access
remote access
user credentials

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.6 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.9%

JSON

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501740);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2021-38448");

  script_name(english:"Trane Symbio Improper Control of Generation of Code (CVE-2021-38448)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The affected controllers do not properly sanitize the input containing
code syntax. As a result, an attacker could craft code to alter the
intended controller flow of the software.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Affected users should contact a Trane office to make arrangements to install updated firmware or to request additional
information. Please reference Trane service database number HUB-205962 when contacting Trane. Trane recommends the
applications below be updated to the versions listed below.

Symbio 700:

- Odyssey Split Systems: All versions prior to v1.00.0023

Symbio 800:

- IntelliPak Rooftop Air Conditioner: All versions prior to v1.30.0008
- Ascend Air-cooled Chiller Model ACR: All versions prior to v1.10.0010
- Agility Water-Cooled Chiller Model HDWA: All versions prior to v1.00.0010

In addition to the specific recommendations above, Trane continues to recommend the following best practices as an
additional protection against this and other controller vulnerabilities:

- Restrict physical controller access to trained and trusted personnel.
- Use secure remote access solutions, such as Trane Connect Remote Access, when needed.
- Ensure user credentials are not shared and follow best practices for appropriate complexity (e.g., strong passwords).
- Have a well-documented process and owner to ensure regular software/firmware updates and keep systems up to date.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38448");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(94);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:trane:symbio_700");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:trane:symbio_800");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Trane");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Trane');

var asset = tenable_ot::assets::get(vendor:'Trane');

var vuln_cpes = {
    "cpe:/a:trane:symbio_700" :
        {"versionEndExcluding" : "1.00.0023", "family" : "Symbio"},
    "cpe:/a:trane:symbio_800" :
        {"versionEndExcluding" : "1.30.0008", "family" : "Symbio"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
tranesymbio_700cpe:/a:trane:symbio_700
tranesymbio_800cpe:/a:trane:symbio_800

Related

ics 1
cvelist 1
cve 1
nvd 1
prion 1
ics
ics
Trane Symbio (Update B)
2022-01-13 12:00:00
cvelist
cvelist
CVE-2021-38448 Trane Symbio Improper Control of Generation of Code
2021-11-22 18:58:45
cve
cve
CVE-2021-38448
2021-11-22 19:15:07
nvd
nvd
CVE-2021-38448
2021-11-22 19:15:07
prion
prion
Design/Logic Flaw
2021-11-22 19:15:00

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.6 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.9%

JSON
Related for TENABLE_OT_TRANE_CVE-2021-38448.NASL
ics1cvelist1cve1nvd1prion1