These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-28256 is a Trane advisory for Tracer SC, Tracer SC+, and Tracer Concierge involving hard-coded, security-relevant constants. CISA says the issue could let an attacker disclose sensitive information and take over accounts. The provided advisory metadata lists affected version cutoffs for Tracer SC (<4.4_SP7) and Tracer SC+ (<6.3.2310).
CVE-2026-28255 is a CISA-published industrial control systems advisory for hard-coded credentials in Trane Tracer SC, Tracer SC+, and Tracer Concierge. According to the advisory, the issue could expose sensitive information and enable account takeover.
CVE-2026-28254 is a Missing Authorization vulnerability affecting Trane Tracer SC, Tracer SC+, and Tracer Concierge. According to CISA’s advisory, an unauthenticated attacker could access sensitive information through unprotected APIs. The issue is rated CVSS 5.8 (Medium) and was published on 2026-03-12.
CVE-2026-28253 is a high-severity OT/ICS denial-of-service issue in Trane Tracer SC, Tracer SC+, and Tracer Concierge. According to the CISA advisory, an unauthenticated attacker could trigger a memory allocation path with an excessive size value and disrupt service availability. The issue is publicly disclosed through CISA and the CVE record; no KEV listing was provided in the supplied data.
CVE-2026-28252 is a high-severity cryptographic weakness affecting Trane Tracer SC, Tracer SC+, and Tracer Concierge. CISA states it could let an attacker bypass authentication and gain root-level access, so affected OT/building-automation environments should treat it as a priority remediation item.