CVE-2026-22645
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22645
EUVD
EUVD-2026-2804
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
sick_ag incoming_goods_suite *
grafana grafana From 11.5.0 (exc)
grafana grafana From 12.0.2 (inc)
grafana grafana From 11.6.3 (inc)
grafana grafana From 11.5.6 (inc)
grafana grafana From 11.4.6 (inc)
grafana grafana From 11.3.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability causes the application to disclose all used components, their versions, and license information to unauthenticated actors. This means that attackers can see detailed information about the software components in use without needing to log in or authenticate. With this information, attackers can identify known security vulnerabilities in those components and potentially exploit them.

Impact Analysis

The impact of this vulnerability is that attackers can gain information about the components and versions used in the application, which can help them target known vulnerabilities in those components. This can lead to increased risk of attacks exploiting those vulnerabilities, potentially compromising confidentiality. The CVSS score indicates a low to medium severity with a confidentiality impact but no impact on integrity or availability.

Detection Guidance

The provided resources do not include specific commands or detailed detection methods for identifying this vulnerability on your network or system. However, general best practices for detecting vulnerabilities in industrial control systems include continuous device inventory, configuration snapshots, and activity monitoring to detect unauthorized changes. Network segmentation and monitoring of network traffic can help identify unusual access patterns that might indicate exploitation attempts. For detailed detection commands or tools specific to this vulnerability, please refer to official advisories or contact SICK PSIRT. [5]

Mitigation Strategies

Immediate mitigation steps include minimizing network exposure of the affected application, restricting network access to trusted users and systems, and following best security practices such as network segmentation, use of firewalls, and access controls. Since the vulnerability involves disclosure of component versions and license information to unauthenticated actors, limiting external access and monitoring for unauthorized access attempts are critical. Additionally, contacting SICK PSIRT for security advisories and applying any available patches or updates as soon as they are released is recommended. [1, 5]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22645. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart