Johnsoncontrols: Security Vulnerabilities
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to
execute arbitrary code on the affected device, leading to full system compromise.
This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior.
CVSS Score
8.7
EPSS Score
0.003
Published
2026-02-27
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise
This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-02-27
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-27
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-27
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-27
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.
CVSS Score
8.8
EPSS Score
0.004
Published
2026-02-27
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
CVSS Score
5.7
EPSS Score
0.005
Published
2024-08-01
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
CVSS Score
9.0
EPSS Score
0.001
Published
2024-08-01
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
CVSS Score
6.8
EPSS Score
0.003
Published
2024-08-01
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-08-01
Page 1