CVE-2026-28253 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
trane	tracer_sc_firmware	𝑥 ≤ 4.4
trane	tracer_sc_firmware	4.4:service_pack1
trane	tracer_sc_firmware	4.4:service_pack2
trane	tracer_sc_firmware	4.4:service_pack3
trane	tracer_sc_firmware	4.4:service_pack4
trane	tracer_sc_firmware	4.4:service_pack5
trane	tracer_sc_firmware	4.4:service_pack6
trane	tracer_sc\+_firmware	𝑥 < 6.3.2310
trane	tracer_concierge	𝑥 < 6.3.2310

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-789 - Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01