Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ComfortLink II SCC firmware by Trane

    CVE-2015-2868 (GCVE-0-2015-2868)

    Vulnerability from nvd – Published: 2017-01-06 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Date Public
    2016-02-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:19.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95118"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ComfortLink II SCC firmware",
              "vendor": "Trane",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2016-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-09T10:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "95118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95118"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ComfortLink II SCC firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trane"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95118"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0027/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2868",
        "datePublished": "2017-01-06T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:19.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2867 (GCVE-0-2015-2867)

    Vulnerability from nvd – Published: 2017-01-06 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
    Severity
    No CVSS data available.
    CWE
    • hardcoded passwords
    Assigner
    References
    Impacted products
    Date Public
    2016-02-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:19.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
              },
              {
                "name": "95120",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ComfortLink II SCC firmware",
              "vendor": "Trane",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2016-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "hardcoded passwords",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-09T10:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
            },
            {
              "name": "95120",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2867",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ComfortLink II SCC firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trane"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "hardcoded passwords"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0028/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
                },
                {
                  "name": "95120",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2867",
        "datePublished": "2017-01-06T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:19.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2868 (GCVE-0-2015-2868)

    Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • buffer overflow
    Assigner
    References
    Impacted products
    Date Public
    2016-02-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:19.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95118"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ComfortLink II SCC firmware",
              "vendor": "Trane",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2016-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-09T10:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "95118",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95118"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ComfortLink II SCC firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trane"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95118",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95118"
                },
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0027/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2868",
        "datePublished": "2017-01-06T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:19.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2867 (GCVE-0-2015-2867)

    Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
    Severity
    No CVSS data available.
    CWE
    • hardcoded passwords
    Assigner
    References
    Impacted products
    Date Public
    2016-02-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:19.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
              },
              {
                "name": "95120",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ComfortLink II SCC firmware",
              "vendor": "Trane",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.2"
                }
              ]
            }
          ],
          "datePublic": "2016-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "hardcoded passwords",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-09T10:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
            },
            {
              "name": "95120",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2867",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ComfortLink II SCC firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trane"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "hardcoded passwords"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0028/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
                },
                {
                  "name": "95120",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2867",
        "datePublished": "2017-01-06T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:19.772Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }