CVE-2026-28252

Published: Mar 12, 2026 Last Modified: Mar 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,2

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.

327

Use of a Broken or Risky Cryptographic Algorithm

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Accountability Non-Repudiation

Potential Impacts:

Read Application Data Modify Application Data Hide Activities

Applicable Platforms

Languages: Not Language-Specific, Verilog, VHDL

Technologies: Not Technology-Specific, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071…

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01

CVE-2026-28252

Description

Use of a Broken or Risky Cryptographic Algorithm

Common Consequences

Applicable Platforms

Iscriviti alla newsletter