Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Frick Controls Quantum HD Versions 10.22 and Prior: Exposed Email Passwords Allow Unauthorized Access
CVE-2026-21660
Summary
A security issue in older versions of Frick Controls Quantum HD firmware stores email passwords in plain text. This means that anyone with access to the system can see these passwords and use them to gain unauthorized access to email accounts. To protect your system, update to the latest version of Frick Controls Quantum HD.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| johnsoncontrols | frick_controls_quantum_hd_firmware | <= 10.22 | – |
Original title
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access,...
Original description
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise
This issue affects Frick Controls Quantum HD version 10.22 and prior.
This issue affects Frick Controls Quantum HD version 10.22 and prior.
nvd CVSS3.1
9.8
nvd CVSS4.0
6.9
Vulnerability type
CWE-256
CWE-522
Insufficiently Protected Credentials
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01 Third Party Advisory US Government Resource
- https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories Vendor Advisory
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026