← Voltar para CVEs
CVE-2026-21659
CRITICAL9.8
Descricao
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/27/2026
Ultima modificacao3/2/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
johnsoncontrols:frick_controls_quantum_hdjohnsoncontrols:frick_controls_quantum_hd_firmware
Fraquezas (CWE)
CWE-23CWE-22
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01(productsecurity@jci.com)
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories(productsecurity@jci.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.