CVE-2026-22646
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22646
EUVD
EUVD-2026-2793
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
sick_ag incoming_goods_suite From 1.2.1 (inc)
grafana grafana 11.5.0
grafana grafana From 11.3.8 (inc) to 12.0.2 (inc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves certain error messages returned by the application that expose internal system details to end users. These details include information such as file paths, database errors, or software versions that should remain hidden. By revealing this information, attackers can gain valuable reconnaissance data to map the application's internal structure and potentially discover other, more critical vulnerabilities.

Impact Analysis

The vulnerability can impact you by providing attackers with sensitive internal information about your system through error messages. This reconnaissance information can be used to better understand the application's architecture and identify further security weaknesses, increasing the risk of targeted attacks and exploitation of more severe vulnerabilities.

Detection Guidance

This vulnerability can be detected by monitoring application error messages for exposure of internal system details such as file paths, database errors, or software version information that should not be visible to end users. To detect it on your system, you can analyze application logs and network traffic for such error messages. While no specific commands are provided in the resources, general best practices include using network monitoring tools and log analysis to identify unexpected error disclosures. Additionally, implementing Web Application Firewalls (WAF) can help detect and block such information leaks. [5]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected application to minimize exposure, implementing network segmentation and access controls, and filtering outbound traffic to prevent exploitation. Applying Web Application Firewalls (WAF) to block error message disclosures and reviewing application configurations to suppress detailed error messages from being shown to end users are recommended. Additionally, following SICK's cybersecurity guidelines for industrial networks, including use of VPNs, VLANs, and strict access controls, will help reduce risk until a patch or update is available. [5]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart