CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Trane: >> Pivot Firmware Security Vulnerabilities

CVE-2023-4212

A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.

CVSS Score

6.8

EPSS Score

0.001

Published

2023-08-22

Page 1

Vulnerabilities

Vulnerable Software

Trane: >> Pivot Firmware Security Vulnerabilities

Products

Pricing

Contact Us