彙總 Johnson Controls 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 路徑處理缺陷、跨站腳本、輸入驗證問題與SSRF,在 軟體部署與生產負載 使用場景中可能帶來 異常行為、應用程式崩潰與記憶體損壞 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-21660 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 6.9 | 0.02% | 2026-02-27 | 2026-03-02 |
| CVE-2026-21659 | Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.7 | 0.28% | 2026-02-27 | 2026-03-02 |
| CVE-2026-21658 | Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 0.35% | 2026-02-27 | 2026-03-02 |
| CVE-2026-21657 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 0.08% | 2026-02-27 | 2026-03-02 |
| CVE-2026-21656 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 0.08% | 2026-02-27 | 2026-03-02 |
| CVE-2026-21654 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior. | [email protected] | 8.8 | 0.15% | 2026-02-27 | 2026-03-02 |
| CVE-2024-32931 | Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. | [email protected] | 5.7 | 0.53% | 2024-08-01 | 2024-08-09 |
| CVE-2024-32865 | Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices. | [email protected] | 6.4 | 0.18% | 2024-08-01 | 2024-08-09 |
| CVE-2024-32862 | Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains. | [email protected] | 6.8 | 0.27% | 2024-08-01 | 2024-08-09 |
| CVE-2024-32758 | Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange | [email protected] | 9.0 | 0.05% | 2024-08-01 | 2024-08-09 |
| CVE-2024-32864 | Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS) | [email protected] | 6.4 | 0.15% | 2024-08-01 | 2024-08-09 |
| CVE-2024-32863 | Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF) | [email protected] | 6.8 | 0.41% | 2024-08-01 | 2024-08-09 |
| CVE-2024-0912 | Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions | [email protected] | 8.5 | 0.05% | 2024-06-06 | 2024-11-21 |
| CVE-2024-0242 | Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | [email protected] | 7.3 | 0.10% | 2024-02-08 | 2024-11-21 |
| CVE-2023-0248 | An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader. | [email protected] | 7.5 | 0.10% | 2023-12-14 | 2024-11-21 |
| CVE-2023-4486 | Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. | [email protected] | 7.5 | 0.17% | 2023-12-07 | 2024-11-21 |
| CVE-2023-4804 | An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | [email protected] | 10.0 | 0.10% | 2023-11-10 | 2024-11-21 |
| CVE-2023-3749 | A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. | [email protected] | 7.1 | 0.04% | 2023-08-03 | 2024-11-21 |
| CVE-2023-3548 | An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | [email protected] | 8.3 | 0.17% | 2023-07-25 | 2024-11-21 |
| CVE-2023-3127 | An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. | [email protected] | 7.5 | 0.17% | 2023-07-11 | 2024-11-21 |