8.7
CVE-2026-28253
- EPSS 0.31%
- Veröffentlicht 12.03.2026 17:27:03
- Zuletzt bearbeitet 27.03.2026 16:24:06
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trane ≫ Tracer Sc Firmware Version <= 4.4
Trane ≫ Tracer Sc Firmware Version4.4 Updateservice_pack1
Trane ≫ Tracer Sc Firmware Version4.4 Updateservice_pack2
Trane ≫ Tracer Sc Firmware Version4.4 Updateservice_pack3
Trane ≫ Tracer Sc Firmware Version4.4 Updateservice_pack4
Trane ≫ Tracer Sc Firmware Version4.4 Updateservice_pack5
Trane ≫ Tracer Sc Firmware Version4.4 Updateservice_pack6
Trane ≫ Tracer Concierge Version < 6.3.2310
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.221 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01