Trane Tracer SC, Tracer SC+, and Tracer Concierge

Summary

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product.

The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected:

Tracer SC
Tracer SC+
Tracer Concierge

CVSS	Vendor	Equipment	Vulnerabilities
v3 8.1	Trane	Trane Tracer SC, Tracer SC+, and Tracer Concierge	Use of a Broken or Risky Cryptographic Algorithm, Memory Allocation with Excessive Size Value, Missing Authorization, Use of Hard-coded Credentials, Use of Hard-coded, Security-relevant Constants

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Ireland

Vulnerabilities

Expand All +

CVE-2026-28252

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.

View CVE Details

Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge

Vendor:
Trane

Product Version:
Trane Tracer SC: <v4.4_SP7, Trane Tracer SC+: <v6.3.2310, Trane Tracer Concierge: <v6.3.2310

Product Status:
known_affected

Remediations

Vendor fix
Trane has released the following versions of Tracer SC+ for users to upgrade to:

Vendor fix
CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313

Relevant CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.0	8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-28253

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.

View CVE Details

Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge

Vendor:
Trane

Product Version:
Trane Tracer SC: <v4.4_SP7, Trane Tracer SC+: <v6.3.2310, Trane Tracer Concierge: <v6.3.2310

Product Status:
known_affected

Remediations

Vendor fix
Trane has released the following versions of Tracer SC+ for users to upgrade to:

Vendor fix
CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313

Relevant CWE: CWE-789 Memory Allocation with Excessive Size Value

Metrics

CVSS Version	Base Score	Base Severity	Vector String
3.0	7.5	HIGH	This article has been indexed from All CISA Advisories Read the original article: Trane Tracer SC, Tracer SC+, and Tracer Concierge Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: All CISA Advisories EN Post navigation ← Siemens SIMATIC Siemens Heliox EV Chargers → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Telegram Channel Recent Posts Attackers Hijack Microsoft 365 Accounts Through OAuth Device Code Abuse Without Stealing Passwords March 12, 2026 From transparency to action: What the latest Microsoft email security benchmark reveals March 12, 2026 Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages March 12, 2026 Law enforcement shuts down botnet made of tens of thousands of hacked routers March 12, 2026 Google API Keys Expose Gemini AI Data via Leaked Credentials March 12, 2026 How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS March 12, 2026 IT Security News Hourly Summary 2026-03-12 18h : 12 posts March 12, 2026 400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw March 12, 2026 How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks March 12, 2026 Operating Lightning takes down SocksEscort proxy network blamed for tens of millions in fraud March 12, 2026 Top 5 Security Operations Consulting Firms for Government Contractors March 12, 2026 Siemens Heliox EV Chargers March 12, 2026 Trane Tracer SC, Tracer SC+, and Tracer Concierge March 12, 2026 Siemens SIMATIC March 12, 2026 Siemens RUGGEDCOM APE1808 Devices March 12, 2026 Siemens SIDIS Prime March 12, 2026 Apple issues emergency fixes for Coruna flaws in older iOS versions March 12, 2026 Critical MediaTek Vulnerability Lets Attackers Steal Android Phone PINs in 45 Seconds March 12, 2026 PixRevolution Malware Hijacks Brazil’s PIX Transfers in Real Time March 12, 2026 Bell Ambulance Confirms Data Breach Affecting 237,830 Individuals March 12, 2026 Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}

Summary

Background

Vulnerabilities

CVE-2026-28252

Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge

Remediations

Metrics

CVE-2026-28253

Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge

Remediations

Metrics

Read the original article:

Share this:

Like this:

Related

Post navigation