CVE-2026-22914
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | to 1.4.0 (exc) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with limited permissions to write files to specific locations on the device. This unauthorized file write capability can potentially lead to manipulation of the system, affecting its integrity. The vulnerability exists in the SICK TDC-X401GL device and is characterized by insufficient privilege restrictions that enable such unauthorized actions.
How can this vulnerability impact me?
An attacker with limited permissions could manipulate the system through unauthorized file writes. This can lead to integrity issues on the device, potentially causing system manipulation or unauthorized changes. Although it does not directly affect confidentiality or availability, the integrity impact could disrupt normal operations or lead to further exploitation.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected device to minimize exposure, implementing strong network segmentation and access controls as outlined in SICK's cybersecurity guidelines, and monitoring for unauthorized file writes or system manipulations. Since the vulnerability involves limited permission users being able to write files to specific locations, enforcing strict access controls and network segmentation can reduce risk. Additionally, contacting SICK PSIRT for official advisories and updates is recommended. No specific patch or firmware update is mentioned for CVE-2026-22914, so following general industrial cybersecurity best practices and SICK's operating guidelines is advised. [1, 4]