CVE-2015-2868
CRITICALTrane ComfortLink II SCC firmware >=2.0.2 <2.0.2 - Remote Code Execution via DSS Service REG Request
Title source: llmDescription
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95118
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0027/
Scores
CVSS v3
9.8
EPSS
0.0684
EPSS Percentile
93.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
Trane/ComfortLink II SCC firmware
2.0.2
trane/comfortlink_ii_firmware
2.0.2
Published
Jan 06, 2017
Tracked Since
Feb 18, 2026