ID
VAR-201701-0612
CVE
CVE-2015-2868
TITLE
Trane ComfortLink II Firmware DSS Service Remote Code Execution Vulnerability
Trust: 0.8
DESCRIPTION
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. Trane ComfortLink II is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Trane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected
Trust: 2.52
AFFECTED PRODUCTS
| vendor: | trane | model: | comfortlink ii | scope: | eq | version: | 2.0.2 | Trust: 2.5 |
| vendor: | train | model: | comfortlink ii | scope: | eq | version: | 2.0.2 | Trust: 0.8 |
| vendor: | trane | model: | comfortlink ii | scope: | ne | version: | 4.0.3 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer overflow
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | TALOS-2016-0028 | url: | http://www.talosintelligence.com/reports/TALOS-2016-0028/ | Trust: 0.8 |
| title: | トップページ | url: | http://www.jp.trane.com/ja.html | Trust: 0.8 |
| title: | Patch for Trane ComfortLink II Stack Buffer Overflow Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/78241 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-2868 | Trust: 3.4 |
| db: | TALOS | id: | TALOS-2016-0027 | Trust: 2.6 |
| db: | BID | id: | 95118 | Trust: 1.4 |
| db: | JVNDB | id: | JVNDB-2015-007324 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201606-543 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-04346 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-80829 | Trust: 0.1 |
REFERENCES
| url: | http://www.talosintel.com/reports/talos-2016-0027 | Trust: 1.2 |
| url: | http://www.securityfocus.com/bid/95118 | Trust: 1.1 |
| url: | http://www.talosintelligence.com/reports/talos-2016-0027/ | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2868 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2868 | Trust: 0.8 |
| url: | https://www.trane.com/residential/en/resources/smart-home-automation/installing-upgrading.html | Trust: 0.3 |
| url: | http://www.talosintelligence.com/reports/talos-2016-0027/ | Trust: 0.3 |
CREDITS
Matt Watchinski and Christopher McBee of Cisco Talos
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2016-04346 |
| db: | VULHUB | id: | VHN-80829 |
| db: | BID | id: | 95118 |
| db: | JVNDB | id: | JVNDB-2015-007324 |
| db: | CNNVD | id: | CNNVD-201606-543 |
| db: | NVD | id: | CVE-2015-2868 |
LAST UPDATE DATE
2025-04-20T23:27:32.851000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-04346 | date: | 2016-06-29T00:00:00 |
| db: | VULHUB | id: | VHN-80829 | date: | 2017-01-11T00:00:00 |
| db: | BID | id: | 95118 | date: | 2017-01-12T00:07:00 |
| db: | JVNDB | id: | JVNDB-2015-007324 | date: | 2017-01-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201606-543 | date: | 2017-01-11T00:00:00 |
| db: | NVD | id: | CVE-2015-2868 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-04346 | date: | 2016-06-29T00:00:00 |
| db: | VULHUB | id: | VHN-80829 | date: | 2017-01-06T00:00:00 |
| db: | BID | id: | 95118 | date: | 2016-02-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-007324 | date: | 2017-01-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201606-543 | date: | 2015-02-08T00:00:00 |
| db: | NVD | id: | CVE-2015-2868 | date: | 2017-01-06T21:59:00.197 |