trane vulnerabilities and exploits
NA
CVE-2023-4212
A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing a malicious user to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.
Trane Xl824 Firmware
Trane Xl850 Firmware
Trane Xl1050 Firmware
Trane Pivot Firmware
6.5
CVSSv2
CVE-2021-38450
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Trane Tracer Concierge
Trane Tracer Concierge 5.5
Trane Tracer Sc Firmware
Trane Tracer Sc Firmware 4.4
Trane Tracer Sc+ Firmware
Trane Tracer Sc+ Firmware 5.5
4.6
CVSSv2
CVE-2021-38448
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Trane Symbio 700
Trane Symbio 800
4.3
CVSSv2
CVE-2021-42534
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow a malicious user to inject code in the input forms.
Trane Tracer Sc Firmware
6.9
CVSSv2
CVE-2016-4526
ABB DataManagerPro 1.x prior to 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
Trane Tracer Sc
5
CVSSv2
CVE-2016-0870
The web server in Trane Tracer SC 4.2.1134 and previous versions allows remote malicious users to read sensitive configuration files via a direct request.
Trane Tracer Sc
10
CVSSv2
CVE-2015-2867
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote malicious users to take complete control of the system.
Trane Comfortlink Ii Firmware 2.0.2
10
CVSSv2
CVE-2015-2868
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack ...
Trane Comfortlink Ii Firmware 2.0.2