cvebase

Trane Tracer Concierge vulnerabilities

6 known vulnerabilities affecting trane/tracer_concierge.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3

Vulnerabilities

CVE-2026-28252 | P2 | CRITICAL | CVSS 9.8 | fixed in v6.3.2310 | 2026-03-12
CWE-327: A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
Source: NVD
CVE-2026-28255 | P3 | CRITICAL | CVSS 9.8 | fixed in v6.3.2310 | 2026-03-12
CWE-798: A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Source: NVD
CVE-2026-28256 | P3 | CRITICAL | CVSS 9.8 | fixed in v6.3.2310 | 2026-03-12
CWE-547: A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Source: NVD
CVE-2026-28254 | P3 | HIGH | CVSS 7.5 | fixed in v6.3.2310 | 2026-03-12
CWE-862: A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.
Source: NVD
CVE-2021-38450 | P3 | HIGH | CVSS 8.8 | fixed in v5.5 (+1 more) | 2021-10-27
CWE-94: The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Source: NVD
CVE-2026-28253 | P3 | HIGH | CVSS 7.5 | fixed in v6.3.2310 | 2026-03-12
CWE-789: A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.
Source: NVD