CVE-2026-28255

High CVSS: 8.2

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Vendor

Trane

Product

Tracer Sc Firmware

CWE

CWE-798

Yayın Tarihi

2026-03-12 18:16:23

Güncelleme

2026-03-27 16:25:05

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-798 Tracer Sc Firmware HIGH Trane 2026

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Benzer Kayıtlar

Critical

CVE-2026-28252

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge co…

High

CVE-2026-28253

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could a…

Medium

CVE-2026-28254

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticate…

Medium

CVE-2026-28256

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge coul…