Trane HVAC Systems: Hard-coded Credentials Exposed to Attack

CVE-2026-28256
Summary

Trane's Tracer SC, Tracer SC+, and Tracer Concierge systems may contain hard-coded security credentials that could be accessed by unauthorized users, potentially leading to account takeover and sensitive information disclosure. This means an attacker could gain control of your system and access confidential data. To mitigate this risk, ensure you are running the latest software updates and consider resetting passwords immediately.

Original title
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Original description
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
NVD CVSS 4.0: 6.9
Vulnerability type
CWE-547
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026