Tracer Sc+ Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:trane:tracer_sc\+_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Trane (68d1bbef-cbde-5889-a7f1-739c1dd4fe52) |
|---|---|
| Product | Tracer Sc+ Firmware (eee07303-9fee-51f7-8725-695559852f8c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-28256 |
vulnerable | 2026-06-03 15:18:08.194327 |
Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Published: 2026-03-12T17:34:56.595Z
Updated: 2026-03-12T18:00:32.808Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-28255 |
vulnerable | 2026-06-03 15:18:08.193553 |
Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Published: 2026-03-12T17:33:29.171Z
Updated: 2026-03-12T18:02:28.832Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-28254 |
vulnerable | 2026-06-03 15:18:08.192299 |
Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.
Published: 2026-03-12T17:29:56.723Z
Updated: 2026-03-12T19:21:04.760Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-28253 |
vulnerable | 2026-06-03 15:18:08.190762 |
Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
Published: 2026-03-12T17:27:03.567Z
Updated: 2026-03-13T16:25:47.523Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-28252 |
vulnerable | 2026-06-03 15:18:08.188119 |
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
Published: 2026-03-12T17:24:04.256Z
Updated: 2026-03-13T16:26:13.627Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-38450 |
vulnerable | 2026-06-03 14:45:07.215360 |
Trane Tracer Code Injection
CRITICAL (9.9)
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
Published: 2021-10-27T00:48:50.750Z
Updated: 2024-09-16T16:23:31.978Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.