This page lists publicly disclosed CVE vulnerabilities affecting johnsoncontrols frick_controls_quantum_hd_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-21660 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 6.9 | 0.23% | 2026-02-27 | 2026-06-17 |
| CVE-2026-21659 | Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.7 | 0.91% | 2026-02-27 | 2026-06-17 |
| CVE-2026-21658 | Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 0.63% | 2026-02-27 | 2026-06-17 |
| CVE-2026-21657 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 0.39% | 2026-02-27 | 2026-06-17 |
| CVE-2026-21656 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 0.39% | 2026-02-27 | 2026-06-17 |
| CVE-2026-21654 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 1.51% | 2026-02-27 | 2026-06-17 |