EUVD-2015-2956

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Exploitable remote code execution vulnerability in Trane ComfortLink II firmware version 2.0.2 discovered

Reporter	Title	Published	Views	Family All 9
CNVD	Trane ComfortLink II Stack Buffer Overflow Vulnerability	24 Jun 201600:00	–	cnvd
Check Point Advisories	Trane comfort Link II DSS services handling remote code execution (CVE-2015-2868)	4 Jan 201700:00	–	checkpoint_advisories
CVE	CVE-2015-2868	6 Jan 201721:00	–	cve
Cvelist	CVE-2015-2868	6 Jan 201721:00	–	cvelist
NVD	CVE-2015-2868	6 Jan 201721:59	–	nvd
Prion	Remote code execution	6 Jan 201721:59	–	prion
Positive Technologies	PT-2014-1990 · Trane · Trane Comfortlink Ii	9 Apr 201400:00	–	ptsecurity
Talos	Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability	8 Feb 201600:00	–	talos
Talos	Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability	8 Feb 201600:00	–	talos

[
  {
    "enisaIdVendor": [
      {
        "id": "ad2724ac-903c-33f3-9a29-e94cf0682e29",
        "vendor": {
          "name": "Trane"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "d288ec99-97dc-3491-a781-370f4fd5c0fc",
        "product": {
          "name": "ComfortLink II SCC firmware"
        },
        "product_version": "2.0.2"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/95118
talosintelligence	www.talosintelligence.com/reports/TALOS-2016-0027/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-2868
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

9.4High risk

Vulners AI Score9.4

CVSS 39.8

CVSS 210

EPSS0.09063