CVE-2026-28256
- EPSS 0.05%
- Veröffentlicht 12.03.2026 17:34:56
- Zuletzt bearbeitet 27.03.2026 16:25:57
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
CVE-2026-28255
- EPSS 0.05%
- Veröffentlicht 12.03.2026 17:33:29
- Zuletzt bearbeitet 27.03.2026 16:25:05
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
CVE-2026-28254
- EPSS 0.04%
- Veröffentlicht 12.03.2026 17:29:56
- Zuletzt bearbeitet 27.03.2026 16:24:39
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.
CVE-2026-28253
- EPSS 0.06%
- Veröffentlicht 12.03.2026 17:27:03
- Zuletzt bearbeitet 27.03.2026 16:24:06
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
CVE-2026-28252
- EPSS 0.03%
- Veröffentlicht 12.03.2026 17:24:04
- Zuletzt bearbeitet 27.03.2026 16:22:41
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
CVE-2016-4526
- EPSS 0.06%
- Veröffentlicht 19.09.2016 01:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
CVE-2016-0870
- EPSS 0.57%
- Veröffentlicht 19.09.2016 01:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.