GCVE - cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*

part: o version: 2.0.2 update: *

Vendor	Trane (`68d1bbef-cbde-5889-a7f1-739c1dd4fe52`)
Product	Comfortlink Ii Firmware (`ae18e70c-2c0e-55eb-9c85-1d51b18f2a32`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-2868`	vulnerable	2026-06-03 14:34:48.088972	Details available An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. Published: 2017-01-06T21:00:00.000Z Updated: 2024-08-06T05:32:19.763Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/95118 http://www.talosintelligence.com/reports/TALOS-2016-0027/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-2867`	vulnerable	2026-06-03 14:34:48.088574	Details available A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. Published: 2017-01-06T21:00:00.000Z Updated: 2024-08-06T05:32:19.772Z Open on db.gcve.eu Reference links http://www.talosintelligence.com/reports/TALOS-2016-0028/ http://www.securityfocus.com/bid/95120	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.