{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28253", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2026-02-25T17:06:34.954Z", "datePublished": "2026-03-12T17:27:03.567Z", "dateUpdated": "2026-03-13T16:25:47.523Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-12T17:27:03.567Z"}, "title": "Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-789", "description": "CWE-789 Memory allocation with excessive size value", "type": "CWE"}]}], "affected": [{"vendor": "Trane", "product": "Tracer SC", "versions": [{"status": "affected", "version": "0", "lessThan": "v4.4 SP7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Trane", "product": "Tracer SC+", "versions": [{"status": "affected", "version": "0", "lessThan": "v6.3.2310", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Trane", "product": "Tracer Concierge", "versions": [{"status": "affected", "version": "0", "lessThan": "v6.3.2310", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition</p>"}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "Trane has released the following versions of Tracer SC+ for users to upgrade to:\n\n * CVE-2026-28253: Tracer SC+ version v6.30.2313", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Trane has released the following versions of Tracer SC+ for users to upgrade to:</p><ul><li>CVE-2026-28253: Tracer SC+ version v6.30.2313<br></li></ul>"}]}], "credits": [{"lang": "en", "value": "Noam Moshe of Claroty reported these vulnerabilities to CISA.", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:25:28.545666Z", "id": "CVE-2026-28253", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:25:47.523Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28253", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T16:25:28.545666Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:25:38.350Z"}}], "cna": {"title": "Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Trane", "product": "Tracer SC", "versions": [{"status": "affected", "version": "0", "lessThan": "v4.4 SP7", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Trane", "product": "Tracer SC+", "versions": [{"status": "affected", "version": "0", "lessThan": "v6.3.2310", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Trane", "product": "Tracer Concierge", "versions": [{"status": "affected", "version": "0", "lessThan": "v6.3.2310", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Trane has released the following versions of Tracer SC+ for users to upgrade to:\n\n * CVE-2026-28253: Tracer SC+ version v6.30.2313", "supportingMedia": [{"type": "text/html", "value": "<p>Trane has released the following versions of Tracer SC+ for users to upgrade to:</p><ul><li>CVE-2026-28253: Tracer SC+ version v6.30.2313<br></li></ul>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition", "supportingMedia": [{"type": "text/html", "value": "<p>A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789 Memory allocation with excessive size value"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-03-12T17:27:03.567Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28253", "state": "PUBLISHED", "dateUpdated": "2026-03-13T16:25:47.523Z", "dateReserved": "2026-02-25T17:06:34.954Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-03-12T17:27:03.567Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBD8A909-6B7C-43B6-A3A0-FD48BD3D2C18", "versionEndIncluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack1:*:*:*:*:*:*", "matchCriteriaId": "43AD695C-9ACA-4BC4-9450-54B0A3D29B54", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack2:*:*:*:*:*:*", "matchCriteriaId": "B38311B5-C8E8-4677-9EB5-1FF5A4913ED8", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack3:*:*:*:*:*:*", "matchCriteriaId": "85891146-8A17-4745-8909-97F0999E7973", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack4:*:*:*:*:*:*", "matchCriteriaId": "9F2D9C28-3AA6-44BF-A10A-E07B291B9A7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack5:*:*:*:*:*:*", "matchCriteriaId": "55728992-1027-4127-9373-B387D895135A", "vulnerable": true}, {"criteria": "cpe:2.3:o:trane:tracer_sc_firmware:4.4:service_pack6:*:*:*:*:*:*", "matchCriteriaId": "1E07D9C2-BD89-4819-8F51-C4E8F3D46678", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trane:tracer_sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "8588A8A1-256D-4A24-9911-B0EE946F34EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trane:tracer_sc\\+_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED7923B0-A1FF-4A1E-839A-004FBE838730", "versionEndExcluding": "6.3.2310", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trane:tracer_sc\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B249F8B-02B1-45F6-886F-6AA76CBBFFFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trane:tracer_concierge:*:*:*:*:*:*:*:*", "matchCriteriaId": "E29DD1A7-FA40-440B-8B63-10939823234B", "versionEndExcluding": "6.3.2310", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition"}, {"lang": "es", "value": "Una vulnerabilidad de Asignaci\u00f3n de Memoria con Valor de Tama\u00f1o Excesivo en Trane Tracer SC, Tracer SC+ y Tracer Concierge podr\u00eda permitir a un atacante no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2026-28253", "lastModified": "2026-03-27T16:24:06.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-03-12T18:16:23.370", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v6.3.2310)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Tracer Concierge", "source": "cna", "vendor": "Trane"}, "product": "tracer_concierge", "vendor": "trane"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v4.4 SP7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Tracer SC", "source": "cna", "vendor": "Trane"}, "product": "tracer_sc", "vendor": "trane"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v6.3.2310)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Tracer SC+", "source": "cna", "vendor": "Trane"}, "product": "tracer_sc", "vendor": "trane"}], "analysis": {"en": {"generated_at": "2026-03-27T17:30:10.104045+00:00", "value": {"mitigation_remediation": ["Upgrade Tracer SC+ to version v6.30.2313", "If upgrade cannot be performed immediately, disconnect the affected units from the network to prevent exploitation", "Verify the firmware version to confirm it is not vulnerable before proceeding"], "summary": {"action": "Apply patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Trane's Tracer Concierge, Tracer SC, and Tracer SC+ products. Firmware versions listed in the Common Platform Enumeration include Trane Tracer SC firmware 4.4 with service packs 1 through 6, and the corresponding Tracer SC+ firmware. The vendor has issued a fix in Tracer SC+ version v6.30.2313, which supersedes earlier releases.", "description_and_impact": "A memory allocation error allows an attacker without authentication to force the Trane Tracer family of controllers to crash or reboot, resulting in an interruption of HVAC services. The flaw arises from an unchecked size parameter during allocation, a classic uncontrolled memory allocation weakness classified as CWE-789. An attacker who can trigger the faulty allocation can cause a denial-of-service condition that disrupts normal building climate control operations and potentially leads to occupant discomfort or equipment damage.", "risk_and_exploitability": "With a CVSS score of 8.7 the flaw is considered high severity, yet the EPSS score is below 1% and the issue is not catalogued in the CISA KEV list, indicating low current exploitation probability. The vulnerability can be triggered by any entity that can reach the control interface without authentication, implying a remote network attack vector, though the description does not specify the exact channel. An attacker could exploit it to bring the system down, causing significant operational disruption."}}}}, "created": "2026-03-13T09:50:48.256356+00:00", "updated": "2026-03-27T20:27:14.491402+00:00", "vendors": ["trane", "trane$PRODUCT$tracer_concierge", "trane$PRODUCT$tracer_sc"]}