Description
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
References (1)
Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_confirm
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
18.9%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (2)
trane/symbio_700
< 1.00.0023
trane/symbio_800
< 1.30.0008
Published
Nov 22, 2021
Tracked Since
Feb 18, 2026