Vulnerabilities > Trane > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2023-4212 | Command Injection vulnerability in Trane products ?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. | 6.8 |
| 2021-10-22 | CVE-2021-42534 | Unspecified vulnerability in Trane Tracer SC Firmware The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. | 6.1 |
| 2016-09-19 | CVE-2016-0870 | Information Exposure vulnerability in Trane Tracer SC 3.8/4.2.1134 The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. | 5.3 |