Known Vulnerabilities for products from Trane
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Trane".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-4212 | A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to exe... | 6.8 - MEDIUM | 2023-08-22 | 2023-11-07 |
| CVE-2021-42534 | The affected product’s web application does not properly neutralize the input during webpage generation, which could allow ... | 6.1 - MEDIUM | 2021-10-22 | 2021-10-27 |
| CVE-2021-38450 | The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code... | 8.8 - HIGH | 2021-10-27 | 2023-07-10 |
| CVE-2021-38448 | The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code... | 7.6 - HIGH | 2021-11-22 | 2022-05-10 |
| CVE-2016-4526 | ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. | 7.5 - HIGH | 2016-09-19 | 2016-11-28 |
| CVE-2016-0870 | The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a di... | 5.3 - MEDIUM | 2016-09-19 | 2016-11-28 |
| CVE-2015-2868 | An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. ... | 9.8 - CRITICAL | 2017-01-06 | 2017-01-11 |
| CVE-2015-2867 | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control... | 9.8 - CRITICAL | 2017-01-06 | 2017-01-11 |
Known software with vulnerabilities from Trane
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Trane | Tracer Sc | 4.2.1134 |