CVE-2026-21660

Johnson Controls-Frick Quantum HD-Hardcoded Email Credentials Saved as Plaintext in Firmware

CVSS 6.9 MEDIUMEPSS 0.2%CWE-256

Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Johnson Controls · Frick Controls Quantum HD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01 https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories