CVE-2026-22909
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | up to 1.4.0 (exclusive) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability can impact you by allowing attackers to disrupt system operations through unauthorized control over installed applications. This can lead to denial of service or operational interruptions, potentially affecting the availability of the system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected device to minimize exposure, implementing network segmentation and firewall rules to limit unauthorized access, and following recommended security practices for operating the device in a protected IT environment. The definitive remediation is to upgrade the firmware of the affected device (SICK TDC-X401GL) to version 1.4.0 or later, which addresses the vulnerability. [2, 4]
Can you explain this vulnerability to me?
This vulnerability allows certain system functions to be accessed without proper authorization. Attackers can start, stop, or delete installed applications on the affected system, which can disrupt system operations.