Vulnerability Details : CVE-2023-4212
?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.
Exploit prediction scoring system (EPSS) score for CVE-2023-4212
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less