Known Vulnerabilities for products from Trane
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Trane".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-4212 json | A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to exe... | 6.8 - MEDIUM | 2023-08-22 | 2023-11-07 |
| CVE-2021-42534 json | The affected product’s web application does not properly neutralize the input during webpage generation, which could allow ... | 6.1 - MEDIUM | 2021-10-22 | 2021-10-27 |
| CVE-2021-38450 json | The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code... | 8.8 - HIGH | 2021-10-27 | 2023-07-10 |
| CVE-2021-38448 json | The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code... | 7.6 - HIGH | 2021-11-22 | 2022-05-10 |
| CVE-2016-4526 json | ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. | Not Provided | 2016-09-19 | 2026-05-06 |
| CVE-2016-0870 json | The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a di... | Not Provided | 2016-09-19 | 2026-05-06 |
| CVE-2015-2868 json | An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. ... | Not Provided | 2017-01-06 | 2026-05-06 |
| CVE-2015-2867 json | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control... | Not Provided | 2017-01-06 | 2026-05-06 |
Known software with vulnerabilities from Trane
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Trane | Tracer Sc | 4.2.1134 |