CVE-2026-22646
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | incoming_goods_suite | From 1.2.1 (inc) |
| grafana | grafana | 11.5.0 |
| grafana | grafana | From 11.3.8 (inc) to 12.0.2 (inc) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves certain error messages returned by the application that expose internal system details to end users. These details include information such as file paths, database errors, or software versions that should remain hidden. By revealing this information, attackers can gain valuable reconnaissance data to map the application's internal structure and potentially discover other, more critical vulnerabilities.
How can this vulnerability impact me? :
The vulnerability can impact you by providing attackers with sensitive internal information about your system through error messages. This reconnaissance information can be used to better understand the application's architecture and identify further security weaknesses, increasing the risk of targeted attacks and exploitation of more severe vulnerabilities.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring application error messages for exposure of internal system details such as file paths, database errors, or software version information that should not be visible to end users. To detect it on your system, you can analyze application logs and network traffic for such error messages. While no specific commands are provided in the resources, general best practices include using network monitoring tools and log analysis to identify unexpected error disclosures. Additionally, implementing Web Application Firewalls (WAF) can help detect and block such information leaks. [5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected application to minimize exposure, implementing network segmentation and access controls, and filtering outbound traffic to prevent exploitation. Applying Web Application Firewalls (WAF) to block error message disclosures and reviewing application configurations to suppress detailed error messages from being shown to end users are recommended. Additionally, following SICK's cybersecurity guidelines for industrial networks, including use of VPNs, VLANs, and strict access controls, will help reduce risk until a patch or update is available. [5]