CVE-2015-2868

CRITICAL

Trane ComfortLink II SCC firmware >=2.0.2 <2.0.2 - Remote Code Execution via DSS Service REG Request

Title source: llm
STIX 2.1

Description

An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95118
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0027/

Scores

CVSS v3 9.8
EPSS 0.0684
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (2)
Trane/ComfortLink II SCC firmware 2.0.2
trane/comfortlink_ii_firmware 2.0.2
Published Jan 06, 2017
Tracked Since Feb 18, 2026