CVE-2026-21660
Received
Received - Intake
Hardcoded Plaintext Credentials in Frick Controls Quantum HD Firmware
Publication date: 2026-02-27
Last updated on: 2026-03-02
Assigner: Johnson Controls
Description
Description
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise
This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | to 10.22 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
