cvelistv5 - cve-2015-2867

CVE-2015-2867 (GCVE-0-2015-2867)

Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 05:32

Summary

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.

Severity ?

No CVSS data available.

CWE

hardcoded passwords

Assigner

certcc

References

URL

Tags

	http://www.talosintelligence.com/reports/TALOS-20…	x_refsource_MISC
	http://www.securityfocus.com/bid/95120	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Trane	ComfortLink II SCC firmware	Affected: 2.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:19.772Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
          },
          {
            "name": "95120",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95120"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ComfortLink II SCC firmware",
          "vendor": "Trane",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.2"
            }
          ]
        }
      ],
      "datePublic": "2016-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "hardcoded passwords",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-09T10:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
        },
        {
          "name": "95120",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95120"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2867",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ComfortLink II SCC firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trane"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "hardcoded passwords"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0028/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
            },
            {
              "name": "95120",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95120"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2867",
    "datePublished": "2017-01-06T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:19.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25C2D7CF-A6C4-4D3E-9359-5879960ADC26\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.\"}, {\"lang\": \"es\", \"value\": \"Un fallo de dise\\u00f1o en el firmware de Trane ComfortLink II SCC versi\\u00f3n 2.0.2 permite a atacantes remotos obtener el control completo del sistema.\"}]",
      "id": "CVE-2015-2867",
      "lastModified": "2024-11-21T02:28:14.030",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-06T21:59:00.150",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95120\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0028/\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/95120\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0028/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2867\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-01-06T21:59:00.150\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.\"},{\"lang\":\"es\",\"value\":\"Un fallo de dise\u00f1o en el firmware de Trane ComfortLink II SCC versi\u00f3n 2.0.2 permite a atacantes remotos obtener el control completo del sistema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25C2D7CF-A6C4-4D3E-9359-5879960ADC26\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95120\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0028/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/95120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0028/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2015-2867

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.

Aliases

CVE-2015-2867

Aliases

CVE-2015-2867

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2867",
    "description": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.",
    "id": "GSD-2015-2867"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2867"
      ],
      "details": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.",
      "id": "GSD-2015-2867",
      "modified": "2023-12-13T01:20:00.859862Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-2867",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ComfortLink II SCC firmware",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trane"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "hardcoded passwords"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.talosintelligence.com/reports/TALOS-2016-0028/",
            "refsource": "MISC",
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
          },
          {
            "name": "95120",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95120"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2867"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0028/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
            },
            {
              "name": "95120",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/95120"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-01-11T02:59Z",
      "publishedDate": "2017-01-06T21:59Z"
    }
  }
}

VAR-201701-0611

Vulnerability from variot - Updated: 2023-12-18 12:04

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK.

A privilege access vulnerability exists in Trane ComfortLink II using firmware version 2.0.2, which originated from the program installing a user certificate with a hard-coded password. TRANE COMFORTLINK II is prone to a security-bypass vulnerability. Trane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0611",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "comfortlink ii",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "trane",
        "version": "2.0.2"
      },
      {
        "model": "comfortlink ii",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "train",
        "version": "2.0.2"
      },
      {
        "model": "comfortlink ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trane",
        "version": "4.0.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matt Watchinski and Christopher McBee of Cisco Talos",
    "sources": [
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-2867",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-2867",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-04345",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-80828",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-2867",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2867",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04345",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-542",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80828",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. \n\nA privilege access vulnerability exists in Trane ComfortLink II using firmware version 2.0.2, which originated from the program installing a user certificate with a hard-coded password. TRANE COMFORTLINK II is prone to a security-bypass vulnerability. \nTrane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2867",
        "trust": 3.4
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0028",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "95120",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "id": "VAR-201701-0611",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:04:59.685000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TALOS-2016-0028",
        "trust": 0.8,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0028/"
      },
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://www.jp.trane.com/ja.html"
      },
      {
        "title": "Patch for Trane ComfortLink II Privilege Acquisition Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/78240"
      },
      {
        "title": "Trane ComfortLink II Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62458"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0028/"
      },
      {
        "trust": 1.2,
        "url": "http://www.talosintel.com/reports/talos-2016-0028"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/95120"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2867"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2867"
      },
      {
        "trust": 0.3,
        "url": "https://www.trane.com/residential/en/resources/smart-home-automation/installing-upgrading.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "date": "2017-01-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "date": "2016-02-08T00:00:00",
        "db": "BID",
        "id": "95120"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "date": "2017-01-06T21:59:00.150000",
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "date": "2015-02-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "date": "2017-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "date": "2017-01-12T06:05:00",
        "db": "BID",
        "id": "95120"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "date": "2017-01-11T02:59:00.650000",
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "date": "2017-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trane ComfortLink II SCC Vulnerability to obtain system control right in firmware service",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-2867

Vulnerability from fkie_nvd - Published: 2017-01-06 21:59 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.

References

URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/95120
cret@cert.org	http://www.talosintelligence.com/reports/TALOS-2016-0028/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95120
af854a3a-2127-422b-91ae-364da2661108	http://www.talosintelligence.com/reports/TALOS-2016-0028/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	trane	comfortlink_ii_firmware	2.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C2D7CF-A6C4-4D3E-9359-5879960ADC26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system."
    },
    {
      "lang": "es",
      "value": "Un fallo de dise\u00f1o en el firmware de Trane ComfortLink II SCC versi\u00f3n 2.0.2 permite a atacantes remotos obtener el control completo del sistema."
    }
  ],
  "id": "CVE-2015-2867",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-06T21:59:00.150",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/95120"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X52M-RPMJ-3VRC

Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2025-04-20 03:30

Details

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-06T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.",
  "id": "GHSA-x52m-rpmj-3vrc",
  "modified": "2025-04-20T03:30:47Z",
  "published": "2022-05-17T03:05:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2867"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95120"
    },
    {
      "type": "WEB",
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0028"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-04345

Vulnerability from cnvd - Published: 2016-06-29

Title

Trane ComfortLink II权限获取漏洞

Description

Trane ComfortLink II是英国Trane公司的一套用于家庭智能系统中的连接控制组件。使用2.0.2版本固件的Trane ComfortLink II中存在权限获取漏洞，该漏洞源于程序安装带有硬编码密码的用户证书。远程攻击者可利用该漏洞访问系统，获取root权限，完全控制系统。

Severity

中

Patch Name

Trane ComfortLink II权限获取漏洞的补丁

Patch Description

Trane ComfortLink II是英国Trane公司的一套用于家庭智能系统中的连接控制组件。使用2.0.2版本固件的Trane ComfortLink II中存在权限获取漏洞，该漏洞源于程序安装带有硬编码密码的用户证书。远程攻击者可利用该漏洞访问系统，获取root权限，完全控制系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://www.trane.com/

Reference

http://www.talosintel.com/reports/TALOS-2016-0028

Impacted products

Name
Trane ComfortLink II 2.0.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2867"
    }
  },
  "description": "Trane ComfortLink II\u662f\u82f1\u56fdTrane\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5bb6\u5ead\u667a\u80fd\u7cfb\u7edf\u4e2d\u7684\u8fde\u63a5\u63a7\u5236\u7ec4\u4ef6\u3002\r\n\r\n\u4f7f\u75282.0.2\u7248\u672c\u56fa\u4ef6\u7684Trane ComfortLink II\u4e2d\u5b58\u5728\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5b89\u88c5\u5e26\u6709\u786c\u7f16\u7801\u5bc6\u7801\u7684\u7528\u6237\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\uff0c\u83b7\u53d6root\u6743\u9650\uff0c\u5b8c\u5168\u63a7\u5236\u7cfb\u7edf\u3002",
  "discovererName": "Matt Watchinski and Christopher McBee of Cisco Talos",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.trane.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04345",
  "openTime": "2016-06-29",
  "patchDescription": "Trane ComfortLink II\u662f\u82f1\u56fdTrane\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5bb6\u5ead\u667a\u80fd\u7cfb\u7edf\u4e2d\u7684\u8fde\u63a5\u63a7\u5236\u7ec4\u4ef6\u3002\r\n\r\n\u4f7f\u75282.0.2\u7248\u672c\u56fa\u4ef6\u7684Trane ComfortLink II\u4e2d\u5b58\u5728\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5b89\u88c5\u5e26\u6709\u786c\u7f16\u7801\u5bc6\u7801\u7684\u7528\u6237\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\uff0c\u83b7\u53d6root\u6743\u9650\uff0c\u5b8c\u5168\u63a7\u5236\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trane ComfortLink II\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Trane ComfortLink II 2.0.2"
  },
  "referenceLink": "http://www.talosintel.com/reports/TALOS-2016-0028",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-24",
  "title": "Trane ComfortLink II\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2867 (GCVE-0-2015-2867)

GSD-2015-2867

VAR-201701-0611

FKIE_CVE-2015-2867

GHSA-X52M-RPMJ-3VRC

CNVD-2016-04345

Tags

Sightings

Nomenclature