HIGHCVE-2026-28255Published Modified CNA icscert
CVE-2026-28255: Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Metrics
- CVSS v4.0
- 8.2
- Severity
- HIGH
- Fixed in
- v4.4 SP7
- Affected Products
- 3
Fix available
v4.4 SP7v6.3.2310
Affected packages
- Trane / Tracer SC< v4.4 SP7 (from 0)
- Trane / Tracer SC+< v6.3.2310 (from 0)
- Trane / Tracer Concierge< v6.3.2310 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:NReferences