{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T20:33:34.590","vulnerabilities":[{"cve":{"id":"CVE-2026-21659","sourceIdentifier":"productsecurity@jci.com","published":"2026-02-27T10:16:22.373","lastModified":"2026-03-02T18:23:49.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to\nexecute arbitrary code on the affected device, leading to full system compromise. \nThis issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior."},{"lang":"es","value":"Ejecución remota de código no autenticada y revelación de información debido a una vulnerabilidad de inclusión local de ficheros (LFI) en Johnson Controls Frick Controls Quantum HD permiten a un atacante no autenticado ejecutar código arbitrario en el dispositivo afectado, lo que lleva a un compromiso total del sistema. Este problema afecta a Frick Controls Quantum HD: Frick Controls Quantum HD versión 10.22 y anteriores."}],"metrics":{"cvssMetricV40":[{"source":"productsecurity@jci.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"productsecurity@jci.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:johnsoncontrols:frick_controls_quantum_hd_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10.22","matchCriteriaId":"55477589-0B06-4570-B052-BAA9FC3D1F27"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:johnsoncontrols:frick_controls_quantum_hd:-:*:*:*:*:*:*:*","matchCriteriaId":"E7C46C22-63A5-4B14-919A-09756664CBFE"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01","source":"productsecurity@jci.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories","source":"productsecurity@jci.com","tags":["Vendor Advisory"]}]}}]}