CVE-2021-38450 - OpenCVE

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trane	Tracer Concierge Tracer Sc Tracer Sc\+ Tracer Sc\+ Firmware Tracer Sc Firmware

Configuration 1 [-]

OR	cpe:2.3:a:trane:tracer_concierge::::::::
	cpe:2.3:a:trane:tracer_concierge:5.5:-::::::

Configuration 2 [-]

AND

OR	cpe:2.3:o:trane:tracer_sc_firmware::::::::
	cpe:2.3:o:trane:tracer_sc_firmware:4.4:-::::::

cpe:2.3:h:trane:tracer_sc:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:trane:tracer_sc\+_firmware::::::::
	cpe:2.3:o:trane:tracer_sc\+_firmware:5.5:-::::::

cpe:2.3:h:trane:tracer_sc\+:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2021-10-27T00:48:50.750971Z

Updated: 2024-09-16T16:23:31.978Z

Reserved: 2021-08-10T00:00:00

Link: CVE-2021-38450

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-27T01:15:07.920

Modified: 2023-07-10T19:27:16.543

Link: CVE-2021-38450

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Tracer SC", "vendor": "Trane", "versions": [{"lessThan": "4.4 SP7", "status": "affected", "version": "All", "versionType": "custom"}]}, {"product": "Tracer SC+", "vendor": "Trane", "versions": [{"lessThan": "5.5 SP3", "status": "affected", "version": "All", "versionType": "custom"}]}, {"product": "Tracer Concierge", "vendor": "Trane", "versions": [{"lessThan": "5.5 SP3", "status": "affected", "version": "All", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Trane reported this vulnerability to CISA."}], "datePublic": "2021-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-27T00:48:50", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02"}], "solutions": [{"lang": "en", "value": "Affected users should contact a Trane representative to install updated firmware or request additional information. Please reference Trane service database number HUB-205962 when contacting the Trane office.\n\nTracer SC is no longer actively developed, tested, or sold. Tracer SC will be considered end-of-life on December 31, 2022. Trane recommends identifying a migration plan for replacing the Tracer SC controller with the next-generation Tracer SC+ controller. Tracer SC+ can function as a drop-in replacement for Tracer SC, providing significant updates to security capabilities.\n\nTrane has identified the following specific mitigations:\n\nTracer SC: Upgrade to v4.4 SP7 or later\nTracer SC+: Upgrade to v5.5 SP3 or later\nTracer Concierge: Upgrade to v5.5 SP3 or later"}], "source": {"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02", "discovery": "UNKNOWN"}, "title": "Trane Tracer Code Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-09-27T15:34:00.000Z", "ID": "CVE-2021-38450", "STATE": "PUBLIC", "TITLE": "Trane Tracer Code Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tracer SC", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "4.4 SP7"}]}}, {"product_name": "Tracer SC+", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "5.5 SP3"}]}}, {"product_name": "Tracer Concierge", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "5.5 SP3"}]}}]}, "vendor_name": "Trane"}]}}, "credit": [{"lang": "eng", "value": "Trane reported this vulnerability to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02", "refsource": "CONFIRM", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02"}]}, "solution": [{"lang": "en", "value": "Affected users should contact a Trane representative to install updated firmware or request additional information. Please reference Trane service database number HUB-205962 when contacting the Trane office.\n\nTracer SC is no longer actively developed, tested, or sold. Tracer SC will be considered end-of-life on December 31, 2022. Trane recommends identifying a migration plan for replacing the Tracer SC controller with the next-generation Tracer SC+ controller. Tracer SC+ can function as a drop-in replacement for Tracer SC, providing significant updates to security capabilities.\n\nTrane has identified the following specific mitigations:\n\nTracer SC: Upgrade to v4.4 SP7 or later\nTracer SC+: Upgrade to v5.5 SP3 or later\nTracer Concierge: Upgrade to v5.5 SP3 or later"}], "source": {"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:44:22.876Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38450", "datePublished": "2021-10-27T00:48:50.750971Z", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-09-16T16:23:31.978Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trane:tracer_concierge:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A89E714-635D-43E8-AE16-E9D2229AC7C2", "versionEndExcluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:trane:tracer_concierge:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "79E2A318-A85B-49AF-8FBD-9458EDD951D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79B148E1-89D8-4A50-8755-28ADA831D0A1", "versionEndExcluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:-:*:*:*:*:*:*", "matchCriteriaId": "E1AF3C02-701C-4EE3-A183-C8F600C8DAA4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trane:tracer_sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0514AF8-5E91-4068-A507-575E71EFB16A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trane:tracer_sc\\+_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CF67829-B4BF-4E8C-9644-24DB31B6BD60", "versionEndExcluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc\\+_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "4E4D4363-D17B-4A12-84D0-0329CC4FE2B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trane:tracer_sc\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "767AACA0-E3F7-406A-AA1B-CCCF6816F399", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software."}, {"lang": "es", "value": "Los controladores afectados no sanean apropiadamente la entrada que contiene la sintaxis del c\u00f3digo. Como resultado, un atacante podr\u00eda dise\u00f1ar c\u00f3digo para alterar el flujo de controladores previsto del software"}], "id": "CVE-2021-38450", "lastModified": "2023-07-10T19:27:16.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2021-10-27T01:15:07.920", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}