2 matches found
CVE-2021-41295 ECOA BAS controller - Cross-Site Request Forgery (CSRF)
ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands GET, POST, PUT, DELETE to perform arbitrary operations in the system...
CVE-2021-41295
CVE-2021-41295 affects ECOA Building Automation System CSRF in the ECOA BAS controller. Concrete details: vulnerable components include ECOA ECS Router Controller (ECS FLASH), ECOA RiskBuster Terminator (E6L45), ECOA RiskBuster System (RB 3.0.0 / TRANE 1.0), ECOA Graphic Control Software, ECOA Sm...