CVE-2026-28252

Critical CVSS: 9.2

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.

Vendor

Trane

Product

Tracer Sc Firmware

CWE

CWE-327

Yayın Tarihi

2026-03-12 18:16:23

Güncelleme

2026-03-27 16:22:41

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-327 Tracer Sc Firmware CRITICAL Trane 2026

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Benzer Kayıtlar

High

CVE-2026-28253

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could a…

Medium

CVE-2026-28254

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticate…

High

CVE-2026-28255

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attack…

Medium

CVE-2026-28256

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge coul…