VAR-201701-0612
Vulnerability from variot - Updated: 2023-12-18 13:53An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. Trane ComfortLink II is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Trane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0612",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "comfortlink ii",
"scope": "eq",
"trust": 2.5,
"vendor": "trane",
"version": "2.0.2"
},
{
"model": "comfortlink ii",
"scope": "eq",
"trust": 0.8,
"vendor": "train",
"version": "2.0.2"
},
{
"model": "comfortlink ii",
"scope": "ne",
"trust": 0.3,
"vendor": "trane",
"version": "4.0.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"db": "BID",
"id": "95118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2868"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Watchinski and Christopher McBee of Cisco Talos",
"sources": [
{
"db": "BID",
"id": "95118"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
],
"trust": 0.9
},
"cve": "CVE-2015-2868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-2868",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-04346",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-80829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-2868",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2868",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-04346",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-543",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-80829",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"db": "VULHUB",
"id": "VHN-80829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. Trane ComfortLink II is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. \nTrane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"db": "BID",
"id": "95118"
},
{
"db": "VULHUB",
"id": "VHN-80829"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2868",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2016-0027",
"trust": 2.6
},
{
"db": "BID",
"id": "95118",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-543",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04346",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80829",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"db": "VULHUB",
"id": "VHN-80829"
},
{
"db": "BID",
"id": "95118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
]
},
"id": "VAR-201701-0612",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80829"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:09.267000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TALOS-2016-0028",
"trust": 0.8,
"url": "http://www.talosintelligence.com/reports/talos-2016-0028/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.jp.trane.com/ja.html"
},
{
"title": "Patch for Trane ComfortLink II Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/78241"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"db": "NVD",
"id": "CVE-2015-2868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.talosintel.com/reports/talos-2016-0027"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95118"
},
{
"trust": 1.1,
"url": "http://www.talosintelligence.com/reports/talos-2016-0027/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2868"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2868"
},
{
"trust": 0.3,
"url": "https://www.trane.com/residential/en/resources/smart-home-automation/installing-upgrading.html"
},
{
"trust": 0.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0027/ "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"db": "VULHUB",
"id": "VHN-80829"
},
{
"db": "BID",
"id": "95118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"db": "VULHUB",
"id": "VHN-80829"
},
{
"db": "BID",
"id": "95118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"date": "2017-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-80829"
},
{
"date": "2016-02-08T00:00:00",
"db": "BID",
"id": "95118"
},
{
"date": "2017-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"date": "2017-01-06T21:59:00.197000",
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"date": "2015-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04346"
},
{
"date": "2017-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-80829"
},
{
"date": "2017-01-12T00:07:00",
"db": "BID",
"id": "95118"
},
{
"date": "2017-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007324"
},
{
"date": "2017-01-11T02:59:00.713000",
"db": "NVD",
"id": "CVE-2015-2868"
},
{
"date": "2017-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trane ComfortLink II Firmware DSS Service Remote Code Execution Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007324"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-543"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…