Description
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
Published: 2026-03-12
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Root-level access through authentication bypass
Action: Patch Immediately
AI Analysis

Impact

The authentication process of Trane Tracer SC, Tracer SC+, and Tracer Concierge relies on a broken or risky cryptographic algorithm (CWE-327). The flaw allows an attacker to bypass authentication and obtain root-level access to the device, compromising the confidentiality, integrity, and availability of the control system. Once compromised, an attacker could alter or disable device functions, leading to safety risks and potential denial of service for critical HVAC operations.

Affected Systems

The CNA identifies Trane Tracer Concierge, Tracer SC, and Tracer SC+ as affected. The description gives no model or firmware numbers; the NVD CPE configuration on this page lists the Tracer SC and Tracer SC+ hardware, Tracer Concierge, and the Tracer SC and Tracer SC+ firmware without version bounds, including Tracer SC firmware 4.4 service packs 1 through 6. Trane has released Tracer SC+ v6.30.2313 as the fixed version; no fixed version for Tracer SC or Tracer Concierge is listed on this page, so those devices should be treated as vulnerable until Trane's advisory says otherwise. System administrators should verify the exact hardware model and firmware version against the vendor's advisory.

Risk and Exploitability

The CNA scored this vulnerability 9.2 (Critical) under CVSS v4.0; NVD separately assigned a CVSS v3.1 score of 9.8. EPSS estimates an exploitation probability below 1%, the SSVC assessment records Exploitation: none and Automatable: no, and the vulnerability is not in the CISA KEV catalog, so current exploitation likelihood is low. The CVSS vectors state the attack vector rather than leaving it to inference: the v4.0 vector AV:N/AC:H/AT:P/PR:N/UI:N describes a network-reachable attack requiring no privileges or user interaction, with high attack complexity and attack requirements present, while the v3.1 vector rates attack complexity as low. A successful exploit yields unrestricted root control (VC:H/VI:H/VA:H), making this a critical risk for any network-connected control environment.

Generated by OpenCVE AI on March 27, 2026 at 17:30 UTC.

Remediation

Vendor Solution

Trane has released the following versions of Tracer SC+ for users to upgrade to:
  • CVE-2026-28252: Tracer SC+ version v6.30.2313


OpenCVE Recommended Actions

  • Upgrade Tracer SC+ to the vendor‑supplied version v6.30.2313 following the official release notes.
  • If an upgrade is temporarily unavailable, isolate the device from the network and limit exposure by firewalling or VLAN segmentation.
  • Audit authentication logs for anomalous access attempts and enforce strong authentication policies.
  • Consider disabling any unnecessary remote management protocols and apply additional device hardening guidelines that Trane recommends.
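The first two actions above reduce to an inventory question: which devices fall in the affected CPE set, and which of the Tracer SC+ units already run the fixed build. The following triage helper is an added example written for this page, not code from Trane or OpenCVE. It assumes an inventory whose product keys match the NVD CPE product names listed in the History section and whose firmware strings look like "v6.30.2313" or "4.4 SP3"; the sample inventory, the hostnames and the older Tracer SC+ version in it are constructed, and the rule that Trane version strings compare numerically by dotted components is an assumption.

```python
"""Triage helper for CVE-2026-28252 (added example, not vendor or OpenCVE code).

Assumptions not stated on the advisory page:
  - inventory product keys use the NVD CPE product names (tracer_concierge,
    tracer_sc, tracer_sc+, tracer_sc_firmware, tracer_sc+_firmware);
  - firmware strings look like "v6.30.2313", "4.4 SP3" or "4.4:service_pack2";
  - Tracer SC+ versions compare numerically by dotted component, so anything
    below v6.30.2313 is treated as unpatched.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Vendor-supplied fixed version for Tracer SC+ (from the advisory on this page).
FIXED_SCPLUS = "v6.30.2313"

# Product identifiers from the NVD CPE configuration on this page (vendor "trane").
AFFECTED_PRODUCTS = {
    "tracer_concierge",
    "tracer_sc",
    "tracer_sc+",
    "tracer_sc_firmware",
    "tracer_sc+_firmware",
}

_VERSION_RE = re.compile(
    r"\s*v?(\d+(?:\.\d+)*)"                       # dotted numeric core
    r"(?:[\s._:-]*(?:service_pack|sp)\s*(\d+))?"  # optional service-pack suffix
    r"\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'v6.30.2313', '4.4 SP3' or '4.4:service_pack2' into a comparable tuple.

    A service-pack number becomes the trailing component (0 when absent), so
    4.4 SP3 sorts above 4.4 SP1; treating SPs this way is an assumption.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    core = tuple(int(p) for p in m.group(1).split("."))
    sp = int(m.group(2)) if m.group(2) else 0
    return core + (sp,)


@dataclass
class Device:
    hostname: str
    product: str   # CPE product name, e.g. "tracer_sc+_firmware"
    version: str   # firmware version string as reported by the device


def triage(dev: Device) -> str:
    """Decide the action for one device from the advisory's affected set and fix."""
    if dev.product not in AFFECTED_PRODUCTS:
        return "not in affected CPE set"
    if dev.product.startswith("tracer_sc+"):
        if parse_version(dev.version) >= parse_version(FIXED_SCPLUS):
            return "patched"
        return f"upgrade to {FIXED_SCPLUS}"
    # Tracer SC and Tracer Concierge: the page lists no fixed version.
    return "no fixed version listed; isolate and check vendor advisory"


def triage_inventory(devices: list[Device]) -> dict[str, str]:
    return {d.hostname: triage(d) for d in devices}


# Constructed sample inventory: hostnames and the 6.20 build are made up.
SAMPLE_INVENTORY = [
    Device("hvac-sc-01", "tracer_sc_firmware", "4.4 SP3"),
    Device("hvac-scp-01", "tracer_sc+_firmware", "v6.20.1100"),
    Device("hvac-scp-02", "tracer_sc+_firmware", "v6.30.2313"),
    Device("lobby-concierge", "tracer_concierge", "2.1"),
    Device("fileserver", "windows_server", "2022"),
]

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {action}")
```

Feed it the real asset list and treat every "no fixed version listed" result as a device to segment behind a firewall or VLAN until Trane publishes a build for that product line; the "upgrade" results are the Tracer SC+ units the release notes cover.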

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 16:30:00 +0000

  First Time appeared (added):
    Trane tracer Sc\+
    Trane tracer Sc\+ Firmware
    Trane tracer Sc Firmware
  CPEs (added):
    cpe:2.3:a:trane:tracer_concierge:*:*:*:*:*:*:*:*
    cpe:2.3:h:trane:tracer_sc:*:*:*:*:*:*:*:*
    cpe:2.3:h:trane:tracer_sc\+:*:*:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc\+_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack1:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack2:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack3:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack4:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack5:*:*:*:*:*:*
    cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack6:*:*:*:*:*:*
  Vendors & Products (added):
    Trane tracer Sc\+
    Trane tracer Sc\+ Firmware
    Trane tracer Sc Firmware
  Metrics (added): cvssV3_1
    {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 13 Mar 2026 17:15:00 +0000

  Metrics (added): ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 10:00:00 +0000

  First Time appeared (added):
    Trane
    Trane tracer Concierge
    Trane tracer Sc
  Vendors & Products (added):
    Trane
    Trane tracer Concierge
    Trane tracer Sc

Thu, 12 Mar 2026 17:45:00 +0000

  Description (added): A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.
  Title (added): Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge
  Weaknesses (added): CWE-327
  References (added):
  Metrics (added): cvssV4_0
    {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-13T16:26:13.627Z

Reserved: 2026-02-25T17:06:34.954Z

Link: CVE-2026-28252

Vulnrichment

Updated: 2026-03-13T16:26:10.126Z

NVD

Status: Analyzed

Published: 2026-03-12T18:16:23.190

Modified: 2026-03-27T16:22:41.620

Link: CVE-2026-28252

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:27:15Z

Weaknesses