2 Advisories Published – 10-19-21

Today CISA’s NCCIC-ICS published two control system security advisories from products from Trane and AUVESY.

Trane Advisory

This advisory describes a cross-site scripting vulnerability in the Trane Tracer SC Building Automation Controllers. The vulnerability was reported by Chizuru Toyama of TXOne IoT/ICS Security Research Labs. Trane has new firmware ver…