10
CVE-2015-2867
- EPSS 4.83%
- Veröffentlicht 06.01.2017 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginA design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trane ≫ Comfortlink Ii Firmware Version2.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.83% | 0.908 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
http://www.securityfocus.com/bid/95120
http://www.talosintelligence.com/reports/TALOS-2016-0028/