A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
