CVE-2026-28253
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
12/03/2026
Last modified:
27/03/2026
Description
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
Impact
Base Score 4.0
8.70
Severity 4.0
HIGH
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:trane:tracer_sc_firmware:*:*:*:*:*:*:*:* | 4.4 (including) | |
| cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack1:*:*:*:*:*:* | ||
| cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack2:*:*:*:*:*:* | ||
| cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack3:*:*:*:*:*:* | ||
| cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack4:*:*:*:*:*:* | ||
| cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack5:*:*:*:*:*:* | ||
| cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack6:*:*:*:*:*:* | ||
| cpe:2.3:h:trane:tracer_sc:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:trane:tracer_sc\+_firmware:*:*:*:*:*:*:*:* | 6.3.2310 (excluding) | |
| cpe:2.3:h:trane:tracer_sc\+:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:trane:tracer_concierge:*:*:*:*:*:*:*:* | 6.3.2310 (excluding) |
To consult the complete list of CPE names with products and versions, see this page