CVE-2026-21660
CRITICALCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick Controls Quantum HD version 10.22 and prior.
Analysis
Hardcoded email credentials stored as plaintext in Johnson Controls Frick Controls firmware. Sixth critical vulnerability — exposed credentials could enable account access and lateral movement.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Frick Controls Quantum HD installations and document current firmware versions; restrict network access to affected systems to essential personnel only; begin credential rotation for all email accounts potentially affected. Within 7 days: Implement network segmentation to isolate affected systems from critical infrastructure; deploy enhanced monitoring for unauthorized access attempts; engage Frick Controls support for guidance on firmware upgrades or alternatives. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today