The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.CreditsTrane reported this vulnerability to CISA.Referenceshttps://us-cert.cisa.gov/ics/advisories/icsa-21-266-01
