CVE-2026-22911
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22911
EUVD
EUVD-2026-2812
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
sick_ag tdc-x401gl to 1.4.0 (exc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves firmware update files that may expose password hashes for system accounts. This exposure could allow a remote attacker to recover credentials and gain unauthorized access to the affected device.

Impact Analysis

The vulnerability can impact you by allowing a remote attacker to recover system account credentials from exposed password hashes in firmware update files. This unauthorized access could compromise the device's security by allowing the attacker to access the system without permission.

Detection Guidance

The provided resources do not include specific commands or direct detection methods for this vulnerability. However, general best practices for detecting vulnerabilities in industrial control systems include continuous device inventory, configuration snapshots, and activity monitoring to detect unauthorized changes. Network segmentation and monitoring traffic for unusual access attempts can also help identify exploitation attempts. For detailed detection commands or tools specific to this vulnerability, consulting SICK PSIRT advisories or contacting their support is recommended. [1, 4]

Mitigation Strategies

Immediate mitigation steps include applying any available firmware updates that address the vulnerability. Although no specific firmware version is mentioned for CVE-2026-22911, general recommendations from SICK for similar vulnerabilities include upgrading to the latest firmware version. Additionally, minimizing network exposure by restricting network access, implementing network segmentation, using firewalls, and following recommended security practices such as those outlined in SICK's cybersecurity operating guidelines can help reduce risk. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22911. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart