8.7
CVE-2026-28253
- EPSS 0.06%
- Published 12.03.2026 17:27:03
- Last modified 27.03.2026 16:24:06
- Source ics-cert@hq.dhs.gov
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.
Linked by AI from unstructured data to existing NVD CPEs
Data is provided by the National Vulnerability Database (NVD)
Trane ≫ Tracer Sc Firmware Version <= 4.4
Trane ≫ Tracer Sc Firmware Version 4.4 Update service_pack1
Trane ≫ Tracer Sc Firmware Version 4.4 Update service_pack2
Trane ≫ Tracer Sc Firmware Version 4.4 Update service_pack3
Trane ≫ Tracer Sc Firmware Version 4.4 Update service_pack4
Trane ≫ Tracer Sc Firmware Version 4.4 Update service_pack5
Trane ≫ Tracer Sc Firmware Version 4.4 Update service_pack6
Trane ≫ Tracer Concierge Version < 6.3.2310
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.198 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.