CVE-2026-28254

Medium CVSS: 6.9

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

Vendor

Trane

Product

Tracer Sc Firmware

CWE

CWE-862

Yayın Tarihi

2026-03-12 18:16:23

Güncelleme

2026-03-27 16:24:39

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-862 Tracer Sc Firmware MEDIUM Trane 2026

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Benzer Kayıtlar

Critical

CVE-2026-28252

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge co…

High

CVE-2026-28253

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could a…

High

CVE-2026-28255

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attack…

Medium

CVE-2026-28256

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge coul…