Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Trane — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting Trane. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Trane develops HVAC and building management systems for commercial and industrial environments. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure web interfaces and default credentials. Notable security characteristics include exposure of sensitive data and unauthorized system access due to inadequate authentication mechanisms. While no major public incidents have been widely documented, the 10 CVEs on record highlight persistent security concerns in their IoT-connected devices, particularly in web-based control panels that may allow attackers to manipulate building environments or gain network access.

Top products by Trane: Tracer SC ComfortLink II SCC firmware Symbio
CVE IDTitleCVSSSeverityPublished
CVE-2026-28256 Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge — Tracer SCCWE-547 9.8AICriticalAI2026-03-12
CVE-2026-28255 Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge — Tracer SCCWE-798 9.8AICriticalAI2026-03-12
CVE-2026-28254 Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge — Tracer SCCWE-862 7.5AIHighAI2026-03-12
CVE-2026-28253 Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge — Tracer SCCWE-789 7.5AIHighAI2026-03-12
CVE-2026-28252 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge — Tracer SCCWE-327 9.8AICriticalAI2026-03-12
CVE-2021-38448 Trane Symbio Improper Control of Generation of Code — SymbioCWE-94 7.5 High2021-11-22
CVE-2021-38450 Trane Tracer Code Injection — Tracer SCCWE-94 9.9 Critical2021-10-27
CVE-2021-42534 Trane Building Automation Controllers Cross-site Scripting — Tracer SCCWE-79 6.3 Medium2021-10-22
CVE-2015-2867 Trane ComfortLink II 安全漏洞 — ComfortLink II SCC firmware 9.8 -2017-01-06
CVE-2015-2868 Trane ComfortLink II 缓冲区错误漏洞 — ComfortLink II SCC firmware 9.8 -2017-01-06

This page lists every published CVE security advisory associated with Trane. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.