trane tracer_sc_firmware CVE Vulnerabilities (7)

CVEs: 7 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting trane tracer_sc_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 17 of 7 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-28256 A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. [email protected] 6.9 0.27% 2026-03-12 2026-06-17
CVE-2026-28255 A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts. [email protected] 8.2 0.29% 2026-03-12 2026-06-17
CVE-2026-28254 A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. [email protected] 6.9 0.27% 2026-03-12 2026-06-17
CVE-2026-28253 A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition [email protected] 8.7 0.31% 2026-03-12 2026-06-17
CVE-2026-28252 A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. [email protected] 9.2 0.22% 2026-03-12 2026-06-17
CVE-2021-38450 The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. [email protected] 9.9 0.98% 2021-10-26 2026-06-17
CVE-2021-42534 The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. [email protected] 6.3 0.57% 2021-10-22 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence