CVE-2026-22915
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | to 1.4.0 (exc) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with low privileges to read files from specific directories on the affected device, potentially exposing sensitive information. It affects the SICK TDC-X401GL device and involves unauthorized file access due to insufficient privilege restrictions.
How can this vulnerability impact me? :
The vulnerability can lead to exposure of sensitive information by allowing an attacker with low privileges to read files they should not have access to. This could result in information disclosure, potentially compromising confidentiality. However, it does not impact integrity or availability according to the CVSS score.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the affected device firmware to the latest version to remediate the vulnerability. Additionally, general security measures such as minimizing network exposure of the device, restricting network access, and operating the device within a protected IT environment following recommended security practices should be applied. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain specific information regarding how CVE-2026-22915 affects compliance with common standards and regulations such as GDPR or HIPAA.