Trane HVAC System Software Denial-of-Service Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.7

Trane HVAC System Software Denial-of-Service Risk

CVE-2026-28253

Summary

The Trane Tracer SC, Tracer SC+, and Tracer Concierge software may allow an attacker to shut down the system, making it unavailable for use. This could impact building control and safety. Trane recommends updating to the latest software version to prevent this issue.

Original title

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition

Original description

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition

nvd CVSS4.0 8.7

Vulnerability type

CWE-789

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026