CVE-2026-21660

CVE

Medium

Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quant…

CVSS

6.9

Medium

EPSS

0.00

p13

Published

2026-01-01

Updated

2026-01-01

Description

Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior.

Tags · CWE

CWE-256

Affected products

Frick_controls_quantum_hd_firmware

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

2026-01-01

Published

2026-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Attack Requirements

AT: N

None

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Vulnerable System Confidentiality

VC: H

High (H)

Vulnerable System Integrity

VI: N

None (N)

Vulnerable System Availability

VA: N

None (N)

Subsequent System Confidentiality

SC: N

None (N)

Subsequent System Integrity

SI: N

None (N)

Subsequent System Availability

SA: N

None (N)

Exploit Code Maturity

E: X

Not Defined

Confidentiality Requirement

CR: X

Not Defined

Integrity Requirement

IR: X

Not Defined

Availability Requirement

AR: X

Not Defined

Modified Attack Vector

MAV: X

Not Defined

Modified Attack Complexity

MAC: X

Not Defined

Modified Attack Requirements

MAT: X

Not Defined

Modified Privileges Required

MPR: X

Not Defined

Modified User Interaction

MUI: X

Not Defined

Modified Vulnerable System Confidentiality

MVC: X

Not Defined

Modified Vulnerable System Integrity

MVI: X

Not Defined

Modified Vulnerable System Availability

MVA: X

Not Defined

Modified Subsequent System Confidentiality

MSC: X

Not Defined

Modified Subsequent System Integrity

MSI: X

Not Defined

Modified Subsequent System Availability

MSA: X

Not Defined

S: X

AU: X

R: X

V: X

RE: X

U: X

Exploit indicators

EPSS

0.002 · p13

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Johnsoncontrols

Frick Controls Quantum Hd Frick Controls Quantum Hd Firmware

Product	Vendor	Status
frick_controls_quantum_hd_firmware	*	Tracked

Source databases

CVE

External references

https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01@https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories