CVE-2023-4212

CVSS V2 None CVSS V3 None
Description
​A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.
Overview
  • CVE ID
  • CVE-2023-4212
  • Assigner
  • icscert
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-08-22T17:34:12.059Z
  • Last Modified Date
  • 2023-08-22T17:34:12.059Z
History
Created Old Value New Value Data Type Notes
2024-06-24 19:39:13 Added to TrackCVE