CVE-2015-2867 — CRITICAL (9.8)

Vulnerability Description

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Trane	Comfortlink Ii Firmware	2.0.2

Related Weaknesses (CWE)

CWE-798

References

http://www.securityfocus.com/bid/95120
http://www.talosintelligence.com/reports/TALOS-2016-0028/ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/95120
http://www.talosintelligence.com/reports/TALOS-2016-0028/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2015-2867?

CVE-2015-2867 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.

How severe is CVE-2015-2867?

CVE-2015-2867 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-2867?

Check the references section above for vendor advisories and patch information. Affected products include: Trane Comfortlink Ii Firmware.