CVE-2026-22914
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22914
EUVD
EUVD-2026-2819
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
sick_ag tdc-x401gl to 1.4.0 (exc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability allows an attacker with limited permissions to write files to specific locations on the device. This unauthorized file write capability can potentially lead to manipulation of the system, affecting its integrity. The vulnerability exists in the SICK TDC-X401GL device and is characterized by insufficient privilege restrictions that enable such unauthorized actions.

Impact Analysis

The vulnerability can impact you by allowing an attacker with limited permissions to manipulate the system through unauthorized file writes. This can lead to integrity issues on the device, potentially causing system manipulation or unauthorized changes. Although it does not directly affect confidentiality or availability, the integrity impact could disrupt normal operations or lead to further exploitation.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected device to minimize exposure, implementing strong network segmentation and access controls as outlined in SICK's cybersecurity guidelines, and monitoring for unauthorized file writes or system manipulations. Since the vulnerability involves limited permission users being able to write files to specific locations, enforcing strict access controls and network segmentation can reduce risk. Additionally, contacting SICK PSIRT for official advisories and updates is recommended. No specific patch or firmware update is mentioned for CVE-2026-22914, so following general industrial cybersecurity best practices and SICK's operating guidelines is advised. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart