Skip to main content

Tracer Concierge

5 CVEs product

Monthly

CVE-2026-28256 MEDIUM This Month

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Information Disclosure Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-28255 HIGH This Week

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-28254 MEDIUM This Month

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-28253 HIGH This Week

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition

Information Disclosure Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-28252 CRITICAL Act Now

Trane Tracer SC, SC+, and Concierge building automation controllers use broken cryptographic algorithms that allow attackers to bypass authentication and gain root access. These are critical building management systems controlling HVAC in commercial facilities.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
CVSS 4.0
9.2
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM This Month

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Information Disclosure Tracer Sc Firmware Tracer Concierge
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition

Information Disclosure Tracer Sc Firmware Tracer Concierge
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL Act Now

Trane Tracer SC, SC+, and Concierge building automation controllers use broken cryptographic algorithms that allow attackers to bypass authentication and gain root access. These are critical building management systems controlling HVAC in commercial facilities.

Authentication Bypass Tracer Sc Firmware Tracer Concierge
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy