CVE-2026-22910
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-15
EPSS Evaluated
2026-06-14
NVD
CVE-2026-22910
EUVD
EUVD-2026-2809
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
sick_ag tdc-x401gl to 1.4.0 (exc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1391 The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the device being deployed with weak and publicly known default passwords for certain hidden user levels. This weakness increases the risk of unauthorized access to the system, posing a high risk to the system's integrity.

Impact Analysis

The vulnerability can allow unauthorized users to gain access to hidden user levels on the device due to weak default passwords. This unauthorized access threatens the integrity of the system, potentially allowing attackers to manipulate or interfere with system operations.

Detection Guidance

The provided resources do not include specific commands or direct detection methods for this vulnerability. However, general best practices for detecting unauthorized access due to weak or default passwords include monitoring for unusual login attempts, scanning for devices with default credentials, and auditing user accounts for hidden or undocumented users. Network monitoring and device inventory management as described in the SICK Operating Guidelines can help detect unauthorized access or configuration changes. For detailed detection commands or tools, consult the vendor's security advisories or implement network and system monitoring solutions tailored to your environment. [4]

Mitigation Strategies

Immediate mitigation steps include changing the weak and publicly known default passwords for all hidden user levels on the affected devices to strong, unique passwords. Additionally, implement network segmentation and restrict network access to the device to minimize exposure. Follow the cybersecurity best practices outlined in the SICK Operating Guidelines, such as using firewalls, access controls, and monitoring. Contact SICK PSIRT for any available security advisories or updates. Since this vulnerability involves default credentials, ensuring that default passwords are replaced is critical to prevent unauthorized access. [1, 4]

Compliance Impact

The vulnerability involves weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access and posing a high risk to system integrity. Such unauthorized access risks can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. However, the provided resources do not explicitly discuss the impact of this specific vulnerability on compliance with these standards or regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22910. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart