ICSA-21-266-01
·
Published 2022-01-13
·
View on CISA ICS-CERT ↗
Trane Symbio (Update B)
CVSS 7.5
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow a user to execute arbitrary code on the controller.
CVEs (1)
Remediations
- Ensure user credentials are not shared and follow best practices for appropriate complexity (e.g., strong passwords).
- Have a well-documented process and owner to ensure regular software/firmware updates and keep systems up to date.
Affected Vendors
Trane
Affected Products (4)
Trane
·
Odyssey Split Systems
< 1.00.0023
Trane
·
Ascend Air-Cooled Chiller Model ACR
< 1.10.0010
Trane
·
Agility Water-Cooled Chiller Model HDWA
< 1.00.0010
Trane
·
IntelliPak Rooftop Air Conditioner
< 1.30.0008
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more