Vulnerability in Trane Tracer Concierge

CVE-2026-28252

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.000 (12.3th percentile) — read the EPSS interpretation.

Affected products

Trane Tracer Concierge — versions 0
Trane Tracer Sc — versions 0
Trane Tracer Sc+ — versions 0

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

www.cisa.gov/news-events/ics-advisories/icsa-26-071-01 (government-resource)