CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
59.6%
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Vendor | Product | Version | CPE |
---|---|---|---|
trane | odyssey_split_systems | - | cpe:2.3:h:trane:odyssey_split_systems:-:*:*:*:*:*:*:* |
trane | symbio_700 | * | cpe:2.3:a:trane:symbio_700:*:*:*:*:*:*:*:* |
trane | intellipak_1 | - | cpe:2.3:h:trane:intellipak_1:-:*:*:*:*:*:*:* |
trane | symbio_800 | * | cpe:2.3:a:trane:symbio_800:*:*:*:*:*:*:*:* |
trane | intellipak_2 | - | cpe:2.3:h:trane:intellipak_2:-:*:*:*:*:*:*:* |
trane | ascend_air-cooled_chiller_acr | - | cpe:2.3:h:trane:ascend_air-cooled_chiller_acr:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
59.6%