Vulnerability Details CVE-2021-38450
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.5%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 6.5
References
Products affected by CVE-2021-38450
-
cpe:2.3:a:trane:tracer_concierge:*
-
cpe:2.3:a:trane:tracer_concierge:5.5
-
cpe:2.3:h:trane:tracer_sc+:-
-
cpe:2.3:h:trane:tracer_sc:-
-
cpe:2.3:o:trane:tracer_sc+_firmware:*
-
cpe:2.3:o:trane:tracer_sc+_firmware:5.5
-
cpe:2.3:o:trane:tracer_sc_firmware:*
-
cpe:2.3:o:trane:tracer_sc_firmware:4.4