PT-2026-22325 · Johnson Controls · Frick Controls Quantum Hd
Noam Moshe
·
Published
2026-02-27
·
Updated
2026-03-04
·
CVE-2026-21659
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Johnson Controls Frick Controls Quantum HD versions prior to 10.22
Description
An unauthenticated attacker can execute arbitrary code on affected devices, potentially leading to full system compromise. This is due to a Local File Inclusion (LFI) issue.
Recommendations
Update to a version later than 10.22.
Fix
RCE
Path traversal
Relative Path Traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Frick Controls Quantum Hd