CVE-2021-38448

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

Design/Logic Flaw

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVE-2021-38450

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVE-2021-38450

CVE-2021-38450 (Trane Tracer) is caused by improper sanitization of input containing code syntax, enabling code injection that could alter controller flow. Affected products and versions: Tracer SC (all versions before v4.4 SP7), Tracer SC+ (before v5.5 SP3), Tracer Concierge (before v5.5 SP3). I...

PT-2021-22128

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned. Description The issue arises from the affected controllers not properly sanitizing the input containing code syntax. This allows an attacker to craft code that can alter the intended controller...