CVE-2026-22912
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-15
EPSS Evaluated
2026-06-14
NVD
CVE-2026-22912
EUVD
EUVD-2026-2810
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
sick_ag tdc-x401gl to 1.4.0 (exc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves improper validation of a login parameter that may allow attackers to redirect users to malicious websites after they have authenticated. This redirection can trick users into visiting harmful sites, potentially leading to credential theft or other security risks.

Impact Analysis

The vulnerability can impact you by enabling attackers to redirect authenticated users to malicious websites, which can result in stealing user credentials and potentially compromising user accounts or sensitive information.

Mitigation Strategies

Immediate mitigation steps include implementing network segmentation and access controls as outlined in SICK's cybersecurity guidelines, such as using firewalls, VLANs, VPNs, and strict outbound traffic filtering to reduce exposure. Additionally, monitoring and maintaining device inventories and configurations can help detect unauthorized changes. Since this vulnerability involves improper validation of login parameters leading to malicious redirects, restricting network access and applying recommended security practices to protect authentication processes are advised. For detailed cybersecurity measures, refer to SICK's Operating Guidelines Cybersecurity document. [4]

Compliance Impact

The provided resources do not contain specific information about how CVE-2026-22912 affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The provided resources do not include specific commands or direct detection methods for CVE-2026-22912. However, general best practices for detecting vulnerabilities in industrial control systems include continuous device inventory, configuration snapshots, and activity monitoring to detect unauthorized changes, as well as network segmentation and traffic filtering to identify suspicious redirects or unusual outbound connections. For this specific vulnerability involving improper validation of a login parameter leading to user redirection to malicious websites, monitoring web traffic for unexpected redirects after authentication could be useful. Implementing Web Application Firewalls (WAF) and filtering outbound HTTP/HTTPS traffic may help detect or mitigate exploitation attempts. For detailed detection commands or tools, consulting SICK PSIRT advisories or cybersecurity guidelines is recommended. [4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22912. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart