CVE-2026-22909
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-22909, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-07-06
AI Q&A
2026-01-15
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 10 associated CPEs
Vendor Product Version / Range
sick_ag tdc-x401gl to 1.4.0 (exc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

The vulnerability can impact you by allowing attackers to disrupt system operations through unauthorized control over installed applications. This can lead to denial of service or operational interruptions, potentially affecting the availability of the system.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected device to minimize exposure, implementing network segmentation and firewall rules to limit unauthorized access, and following recommended security practices for operating the device in a protected IT environment. The definitive remediation is to upgrade the firmware of the affected device (SICK TDC-X401GL) to version 1.4.0 or later, which addresses the vulnerability. [2, 4]

Executive Summary

This vulnerability allows certain system functions to be accessed without proper authorization. Attackers can start, stop, or delete installed applications on the affected system, which can disrupt system operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22909. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart