VAR-201701-0611

Vulnerability from variot - Updated: 2023-12-18 12:04

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. Trane ComfortLink II is a set of connection control components used in smart-home systems by Trane Company, UK.

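A privilege-acquisition vulnerability exists in Trane ComfortLink II running firmware version 2.0.2: the program installs a user certificate with a hard-coded password, which this record classifies as CWE-798 (use of hard-coded credentials). Trane ComfortLink II is prone to a security-bypass vulnerability. Trane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected. Because a hard-coded password cannot be changed by the device owner, remediation depends on a firmware update; the affected-products data below lists version 4.0.3 with scope "ne" (trust 0.3), which appears to mark that version as not affected.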


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0611",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "comfortlink ii",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "trane",
        "version": "2.0.2"
      },
      {
        "model": "comfortlink ii",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "train",
        "version": "2.0.2"
      },
      {
        "model": "comfortlink ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trane",
        "version": "4.0.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matt Watchinski and Christopher McBee of Cisco Talos",
    "sources": [
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-2867",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-2867",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-04345",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-80828",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-2867",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2867",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04345",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-542",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80828",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. \n\nA privilege access vulnerability exists in Trane ComfortLink II using firmware version 2.0.2, which originated from the program installing a user certificate with a hard-coded password. TRANE COMFORTLINK II is prone to a security-bypass vulnerability. \nTrane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2867",
        "trust": 3.4
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0028",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "95120",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "id": "VAR-201701-0611",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:04:59.685000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TALOS-2016-0028",
        "trust": 0.8,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0028/"
      },
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://www.jp.trane.com/ja.html"
      },
      {
        "title": "Patch for Trane ComfortLink II Privilege Acquisition Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/78240"
      },
      {
        "title": "Trane ComfortLink II Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62458"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0028/"
      },
      {
        "trust": 1.2,
        "url": "http://www.talosintel.com/reports/talos-2016-0028"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/95120"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2867"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2867"
      },
      {
        "trust": 0.3,
        "url": "https://www.trane.com/residential/en/resources/smart-home-automation/installing-upgrading.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "db": "BID",
        "id": "95120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "date": "2017-01-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "date": "2016-02-08T00:00:00",
        "db": "BID",
        "id": "95120"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "date": "2017-01-06T21:59:00.150000",
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "date": "2015-02-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04345"
      },
      {
        "date": "2017-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80828"
      },
      {
        "date": "2017-01-12T06:05:00",
        "db": "BID",
        "id": "95120"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      },
      {
        "date": "2017-01-11T02:59:00.650000",
        "db": "NVD",
        "id": "CVE-2015-2867"
      },
      {
        "date": "2017-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trane ComfortLink II SCC Vulnerability to obtain system control right in firmware service",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007323"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-542"
      }
    ],
    "trust": 0.6
  }
}

