CVE-2026-22914
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-22914, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-07-06
AI Q&A
2026-01-15
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 10 associated CPEs
Vendor Product Version / Range
sick_ag tdc-x401gl to 1.4.0 (exc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability allows an attacker with limited permissions to write files to specific locations on the device. This unauthorized file write capability can potentially lead to manipulation of the system, affecting its integrity. The vulnerability exists in the SICK TDC-X401GL device and is characterized by insufficient privilege restrictions that enable such unauthorized actions.

Impact Analysis

The vulnerability can impact you by allowing an attacker with limited permissions to manipulate the system through unauthorized file writes. This can lead to integrity issues on the device, potentially causing system manipulation or unauthorized changes. Although it does not directly affect confidentiality or availability, the integrity impact could disrupt normal operations or lead to further exploitation.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected device to minimize exposure, implementing strong network segmentation and access controls as outlined in SICK's cybersecurity guidelines, and monitoring for unauthorized file writes or system manipulations. Since the vulnerability involves limited permission users being able to write files to specific locations, enforcing strict access controls and network segmentation can reduce risk. Additionally, contacting SICK PSIRT for official advisories and updates is recommended. No specific patch or firmware update is mentioned for CVE-2026-22914, so following general industrial cybersecurity best practices and SICK's operating guidelines is advised. [1, 4]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart