CVE-2021-38450 - OpenCVE

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Trane	Tracer Sc\+ Tracer Sc Firmware Tracer Sc\+ Firmware Tracer Sc Tracer Concierge

Configuration 1 [-]

OR	cpe:2.3:a:trane:tracer_concierge::::::::
	cpe:2.3:a:trane:tracer_concierge:5.5:-::::::

Configuration 2 [-]

AND

OR	cpe:2.3:o:trane:tracer_sc_firmware::::::::
	cpe:2.3:o:trane:tracer_sc_firmware:4.4:-::::::

cpe:2.3:h:trane:tracer_sc:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:trane:tracer_sc\+_firmware::::::::
	cpe:2.3:o:trane:tracer_sc\+_firmware:5.5:-::::::

cpe:2.3:h:trane:tracer_sc\+:-:*:*:*:*:*:*:*

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2021-09-27T00:00:00

Updated: 2021-10-27T00:48:50

Reserved: 2021-08-10T00:00:00

Link: CVE-2021-38450

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-27T01:15:07.920

Modified: 2023-07-10T19:27:16.543

Link: CVE-2021-38450

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Tracer SC", "vendor": "Trane", "versions": [{"lessThan": "4.4 SP7", "status": "affected", "version": "All", "versionType": "custom"}]}, {"product": "Tracer SC+", "vendor": "Trane", "versions": [{"lessThan": "5.5 SP3", "status": "affected", "version": "All", "versionType": "custom"}]}, {"product": "Tracer Concierge", "vendor": "Trane", "versions": [{"lessThan": "5.5 SP3", "status": "affected", "version": "All", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Trane reported this vulnerability to CISA."}], "datePublic": "2021-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-27T00:48:50", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02"}], "solutions": [{"lang": "en", "value": "Affected users should contact a Trane representative to install updated firmware or request additional information. Please reference Trane service database number HUB-205962 when contacting the Trane office.\n\nTracer SC is no longer actively developed, tested, or sold. Tracer SC will be considered end-of-life on December 31, 2022. Trane recommends identifying a migration plan for replacing the Tracer SC controller with the next-generation Tracer SC+ controller. Tracer SC+ can function as a drop-in replacement for Tracer SC, providing significant updates to security capabilities.\n\nTrane has identified the following specific mitigations:\n\nTracer SC: Upgrade to v4.4 SP7 or later\nTracer SC+: Upgrade to v5.5 SP3 or later\nTracer Concierge: Upgrade to v5.5 SP3 or later"}], "source": {"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02", "discovery": "UNKNOWN"}, "title": "Trane Tracer Code Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-09-27T15:34:00.000Z", "ID": "CVE-2021-38450", "STATE": "PUBLIC", "TITLE": "Trane Tracer Code Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tracer SC", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "4.4 SP7"}]}}, {"product_name": "Tracer SC+", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "5.5 SP3"}]}}, {"product_name": "Tracer Concierge", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "5.5 SP3"}]}}]}, "vendor_name": "Trane"}]}}, "credit": [{"lang": "eng", "value": "Trane reported this vulnerability to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02", "refsource": "CONFIRM", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02"}]}, "solution": [{"lang": "en", "value": "Affected users should contact a Trane representative to install updated firmware or request additional information. Please reference Trane service database number HUB-205962 when contacting the Trane office.\n\nTracer SC is no longer actively developed, tested, or sold. Tracer SC will be considered end-of-life on December 31, 2022. Trane recommends identifying a migration plan for replacing the Tracer SC controller with the next-generation Tracer SC+ controller. Tracer SC+ can function as a drop-in replacement for Tracer SC, providing significant updates to security capabilities.\n\nTrane has identified the following specific mitigations:\n\nTracer SC: Upgrade to v4.4 SP7 or later\nTracer SC+: Upgrade to v5.5 SP3 or later\nTracer Concierge: Upgrade to v5.5 SP3 or later"}], "source": {"advisory": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38450", "datePublished": "2021-09-27T00:00:00", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2021-10-27T00:48:50", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trane:tracer_concierge:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A89E714-635D-43E8-AE16-E9D2229AC7C2", "versionEndExcluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:trane:tracer_concierge:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "79E2A318-A85B-49AF-8FBD-9458EDD951D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79B148E1-89D8-4A50-8755-28ADA831D0A1", "versionEndExcluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:-:*:*:*:*:*:*", "matchCriteriaId": "E1AF3C02-701C-4EE3-A183-C8F600C8DAA4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trane:tracer_sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0514AF8-5E91-4068-A507-575E71EFB16A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trane:tracer_sc\\+_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CF67829-B4BF-4E8C-9644-24DB31B6BD60", "versionEndExcluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc\\+_firmware:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "4E4D4363-D17B-4A12-84D0-0329CC4FE2B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trane:tracer_sc\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "767AACA0-E3F7-406A-AA1B-CCCF6816F399", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software."}, {"lang": "es", "value": "Los controladores afectados no sanean apropiadamente la entrada que contiene la sintaxis del c\u00f3digo. Como resultado, un atacante podr\u00eda dise\u00f1ar c\u00f3digo para alterar el flujo de controladores previsto del software"}], "id": "CVE-2021-38450", "lastModified": "2023-07-10T19:27:16.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2021-10-27T01:15:07.920", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}