CVE-2026-22645
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | incoming_goods_suite | * |
| grafana | grafana | From 11.5.0 (exc) |
| grafana | grafana | From 12.0.2 (inc) |
| grafana | grafana | From 11.6.3 (inc) |
| grafana | grafana | From 11.5.6 (inc) |
| grafana | grafana | From 11.4.6 (inc) |
| grafana | grafana | From 11.3.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability causes the application to disclose all used components, their versions, and license information to unauthenticated actors. This means that attackers can see detailed information about the software components in use without needing to log in or authenticate. With this information, attackers can identify known security vulnerabilities in those components and potentially exploit them.
How can this vulnerability impact me?
The impact of this vulnerability is that attackers can gain information about the components and versions used in the application, which can help them target known vulnerabilities in those components. This can lead to increased risk of attacks exploiting those vulnerabilities, potentially compromising confidentiality. The CVSS score indicates a low to medium severity with a confidentiality impact but no impact on integrity or availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or detailed detection methods for identifying this vulnerability on your network or system. However, general best practices for detecting vulnerabilities in industrial control systems include continuous device inventory, configuration snapshots, and activity monitoring to detect unauthorized changes. Network segmentation and monitoring of network traffic can help identify unusual access patterns that might indicate exploitation attempts. For detailed detection commands or tools specific to this vulnerability, please refer to official advisories or contact SICK PSIRT. [5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include minimizing network exposure of the affected application, restricting network access to trusted users and systems, and following best security practices such as network segmentation, use of firewalls, and access controls. Since the vulnerability involves disclosure of component versions and license information to unauthenticated actors, limiting external access and monitoring for unauthorized access attempts are critical. Additionally, contacting SICK PSIRT for security advisories and applying any available patches or updates as soon as they are released is recommended. [1, 5]