HIGHCVE-2026-28253Published Modified CNA icscert
CVE-2026-28253: Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
Metrics
- CVSS v4.0
- 8.7
- Severity
- HIGH
- Fixed in
- v4.4 SP7
- Affected Products
- 3
Fix available
v4.4 SP7v6.3.2310
Affected packages
- Trane / Tracer SC< v4.4 SP7 (from 0)
- Trane / Tracer SC+< v6.3.2310 (from 0)
- Trane / Tracer Concierge< v6.3.2310 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:NReferences