Critical vulnerability in Johnson Controls Frick Quantum HD Unity refrigeration controller

published: Nov. 9, 2023

Take action: If your Quantum HD Unity is exposed to the internet, lock it down to trusted internal networks only. Then follow the instructions to patch the system.


Learn More

The FRICK Quantum HD Unity System Controller for industrial refrigeration control has a critical vulnerability. The flaw could grant an unauthorized individual access to debug capabilities.

The vulnerability is tracked as CVE-2023-4804 (CVSS3 score 10). An attacker could potentially exploit this flaw to gain access to debug functionality in the product that was not intended to be publicly accessible, exposing configurations and credential details.

List of affected Johnson Controls Quantum HD Unity devices:

  • Versions below v11.22 for Quantum HD Unity Compressor control panels (Q5)
  • Versions below v12.22 for Quantum HD Unity Compressor control panels (Q6)
  • Versions below v11.12 for Quantum HD Unity AcuAir control panels (Q5)
  • Versions below v12.12 for Quantum HD Unity AcuAir control panels (Q6)
  • Versions below v11.11 for Quantum HD Unity Condenser/Vessel control panels (Q5)
  • Versions below v12.11 for Quantum HD Unity Condenser/Vessel control panels (Q6)
  • Versions below v11.11 for Quantum HD Unity Evaporator control panels (Q5)
  • Versions below v12.11 for Quantum HD Unity Evaporator control panels (Q6)
  • Versions below v11.11 for Quantum HD Unity Engine Room control panels (Q5)
  • Versions below v12.11 for Quantum HD Unity Engine Room control panels (Q6)
  • Versions below v11.11 for Quantum HD Unity Interface control panels (Q5)
  • Versions below v12.11 for Quantum HD Unity Interface control panels (Q6)

Johnson Controls advises customers to upgrade to the latest firmware versions:

  • For Quantum HD Unity Compressor control panels, update to version 11.22 (Q5) or 12.22 (Q6).
  • For Quantum HD Unity AcuAir control panels, update to version 11.12 (Q5) or 12.12 (Q6).
  • For Quantum HD Unity Condenser/Vessel control panels, update to version 11.11 (Q5) or 12.11 (Q6).
  • For Quantum HD Unity Evaporator control panels, update to version 11.11 (Q5) or 12.11 (Q6).
  • For Quantum HD Unity Engine Room control panels, update to version 11.11 (Q5) or 12.11 (Q6).
  • For Quantum HD Unity Interface control panels, update to version 11.11 (Q5) or 12.11 (Q6).

Refer to the Johnson Controls update instructions for guidance on applying these mitigations.
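
To triage an asset inventory against the fixed versions listed above, here is an added example (not part of the original advisory and not Johnson Controls code). The inventory format, the hostnames, and the treatment of firmware versions as two-part `major.minor` strings compared numerically are assumptions.

```python
import re

# Fixed firmware versions per panel type and platform, copied from the advisory above.
FIXED = {
    "compressor":       {"Q5": (11, 22), "Q6": (12, 22)},
    "acuair":           {"Q5": (11, 12), "Q6": (12, 12)},
    "condenser/vessel": {"Q5": (11, 11), "Q6": (12, 11)},
    "evaporator":       {"Q5": (11, 11), "Q6": (12, 11)},
    "engine room":      {"Q5": (11, 11), "Q6": (12, 11)},
    "interface":        {"Q5": (11, 11), "Q6": (12, 11)},
}

def parse_version(text):
    """Turn 'v11.9' or '12.22' into a tuple of ints; None if it does not parse."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(panel, platform, version):
    """Return 'affected', 'fixed' or 'review' for one inventory entry."""
    fixed = FIXED.get(panel.strip().lower(), {}).get(platform.strip().upper())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "review"  # unknown panel/platform or unreadable version: check by hand
    # Compare as integer tuples: 11.9 is older than 11.11, which a float or
    # string comparison would get wrong (assumes numeric major.minor ordering).
    return "affected" if installed < fixed else "fixed"

def triage_inventory(csv_text):
    """Triage 'host,panel,platform,version' lines; returns {host: status}."""
    result = {}
    for line in csv_text.strip().splitlines():
        host, panel, platform, version = [f.strip() for f in line.split(",")]
        result[host] = triage(panel, platform, version)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
frick-01,Compressor,Q5,v11.9
frick-02,Compressor,Q6,v12.22
frick-03,AcuAir,Q6,12.11
frick-04,Evaporator,Q5,v11.11
frick-05,Chiller,Q5,v11.30
frick-06,Interface,Q6,unknown
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Entries marked `review` carry a panel type or version string the table cannot classify and should be checked against the vendor advisory by hand.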
