Tracer Sc Firmware

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:o:trane:tracer_sc_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

VendorTrane (68d1bbef-cbde-5889-a7f1-739c1dd4fe52)
ProductTracer Sc Firmware (588eabdd-f53f-5786-9389-a30139eaa2c0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-28256 vulnerable 2026-06-03 15:18:08.194516 Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Published: 2026-03-12T17:34:56.595Z
Updated: 2026-03-12T18:00:32.808Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-28255 vulnerable 2026-06-03 15:18:08.193150 Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Published: 2026-03-12T17:33:29.171Z
Updated: 2026-03-12T18:02:28.832Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-28254 vulnerable 2026-06-03 15:18:08.191766 Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.
Published: 2026-03-12T17:29:56.723Z
Updated: 2026-03-12T19:21:04.760Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-28253 vulnerable 2026-06-03 15:18:08.190293 Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
Published: 2026-03-12T17:27:03.567Z
Updated: 2026-03-13T16:25:47.523Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-28252 vulnerable 2026-06-03 15:18:08.178789 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
Published: 2026-03-12T17:24:04.256Z
Updated: 2026-03-13T16:26:13.627Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-42534 vulnerable 2026-06-03 14:45:27.243573 Trane Building Automation Controllers Cross-site Scripting
MEDIUM (6.3)
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.
Published: 2021-10-22T13:17:15.735Z
Updated: 2024-09-16T23:52:08.538Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-38450 vulnerable 2026-06-03 14:45:07.212501 Trane Tracer Code Injection
CRITICAL (9.9)
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Published: 2021-10-27T00:48:50.750Z
Updated: 2024-09-16T16:23:31.978Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.