← Voltar para CVEs
CVE-2026-21660
CRITICAL9.8
Descricao
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/27/2026
Ultima modificacao3/2/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
johnsoncontrols:frick_controls_quantum_hdjohnsoncontrols:frick_controls_quantum_hd_firmware
Fraquezas (CWE)
CWE-256CWE-522
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01(productsecurity@jci.com)
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories(productsecurity@jci.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.