CVE-2026-22912
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | up to 1.4.0 (excluding) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper validation of a login parameter that may allow attackers to redirect users to malicious websites after they have authenticated. This redirection can trick users into visiting harmful sites, potentially leading to credential theft or other security risks.
How can this vulnerability impact me?
The vulnerability can impact you by enabling attackers to redirect authenticated users to malicious websites, which can result in stealing user credentials and potentially compromising user accounts or sensitive information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing network segmentation and access controls as outlined in SICK's cybersecurity guidelines, such as using firewalls, VLANs, VPNs, and strict outbound traffic filtering to reduce exposure. Additionally, monitoring and maintaining device inventories and configurations can help detect unauthorized changes. Since this vulnerability involves improper validation of login parameters leading to malicious redirects, restricting network access and applying recommended security practices to protect authentication processes are advised. For detailed cybersecurity measures, refer to SICK's Operating Guidelines Cybersecurity document. [4]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain specific information about how CVE-2026-22912 affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or direct detection methods for CVE-2026-22912. However, general best practices for detecting vulnerabilities in industrial control systems include continuous device inventory, configuration snapshots, and activity monitoring to detect unauthorized changes, as well as network segmentation and traffic filtering to identify suspicious redirects or unusual outbound connections. For this specific vulnerability involving improper validation of a login parameter leading to user redirection to malicious websites, monitoring web traffic for unexpected redirects after authentication could be useful. Implementing Web Application Firewalls (WAF) and filtering outbound HTTP/HTTPS traffic may help detect or mitigate exploitation attempts. For detailed detection commands or tools, consulting SICK PSIRT advisories or cybersecurity guidelines is recommended. [4]
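As an added example that is not part of the BaseFortify record or of SICK's own firmware: a Python redirect-target check of the kind that closes CWE-601 (only on-device paths are accepted), followed by a scan of constructed access-log lines for login responses that redirect off-device, which is the monitoring suggested above. The device address, log format and URL paths are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Assumed address of the device's web interface (constructed for this example).
DEVICE_HOST = "192.0.2.10"


def is_safe_redirect(target: str, expected_host: str = DEVICE_HOST) -> bool:
    """Accept a post-login redirect only if it stays on the device.

    Rejects absolute URLs to other hosts, scheme-relative targets ("//host"),
    non-HTTP schemes, backslashes (browsers may treat them as slashes) and
    control characters. This is the server-side validation CWE-601 lacks.
    """
    if not target or any(ord(c) < 0x20 for c in target) or "\\" in target:
        return False
    parsed = urlparse(target)
    if parsed.scheme or parsed.netloc:
        # Absolute or protocol-relative: allow only the device's own host.
        return parsed.scheme in ("http", "https") and parsed.netloc == expected_host
    # Relative target: must be a rooted path, and "//" was excluded above.
    return target.startswith("/")


# Constructed reverse-proxy log lines: client "METHOD path" status "Location".
SAMPLE_LOG = [
    '198.51.100.7 "POST /login?redirect=/dashboard" 302 "/dashboard"',
    '198.51.100.9 "POST /login?redirect=https://attacker.example/x" 302 "https://attacker.example/x"',
    '198.51.100.9 "POST /login?redirect=//attacker.example" 302 "//attacker.example"',
    '198.51.100.7 "GET /static/app.js" 200 ""',
]

LOG_RE = re.compile(r'(\S+) "(?:GET|POST) (\S+)" (30[1278]) "([^"]*)"')


def find_external_redirects(lines, device_host=DEVICE_HOST):
    """Return (client, request_path, location) for login redirects leaving the device."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a redirect response, or unparseable
        client, path, _status, location = m.groups()
        if "/login" in path and not is_safe_redirect(location, device_host):
            hits.append((client, path, location))
    return hits


if __name__ == "__main__":
    for hit in find_external_redirects(SAMPLE_LOG):
        print("off-device redirect after login:", hit)
```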