5 matches found
Trane Symbio Improper Control of Generation of Code (CVE-2021-38448)
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...
CVE-2021-38448
creationtimestamp| type| source ---|---|--- 2021-11-22 22:20:01+00:00| seen| https://t.me/cibsecurity/32817...
CVE-2021-38448
CVE-2021-38448 affects Trane Symbio controllers (Symbio 700 and Symbio 800). The root cause is improper sanitization of input containing code syntax, allowing a crafted input to alter controller flow and potentially execute arbitrary code. Public advisories (ICS-CERT/US-CISA) link this to code in...
CVE-2021-38448 Trane Symbio Improper Control of Generation of Code
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...
Trane Symbio (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Trane Equipment: Symbio 700 and Symbio 800 controllers Vulnerability: Code Injection 2. UPDATE INFORMATION The updated advisory is a follow-up to the original advisory titled ICSA-21-266-01 Trane Symbio that was published...