Trane Tracer SC: Hard-coded Credentials Exposed

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.2

Trane Tracer SC: Hard-coded Credentials Exposed

CVE-2026-28255

Summary

Trane's Tracer SC, Tracer SC+, and Tracer Concierge software have hardcoded credentials that can be accessed by an attacker, potentially allowing them to view sensitive data and take control of user accounts. This means unauthorized access to important information and possible system takeover. To protect your system, update the software to the latest version.

Original title

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

Original description

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.

nvd CVSS4.0 8.2

Vulnerability type

CWE-798 Use of Hard-coded Credentials

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026