CVE-2026-22916
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | to 1.4.0 (exc) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with low privileges to trigger critical system functions such as reboot or factory reset without proper restrictions. This means the attacker can cause the system to restart or reset to factory settings even though they should not have the permission to do so.
How can this vulnerability impact me? :
The vulnerability can lead to service disruption or loss of configuration by allowing unauthorized triggering of critical system functions like reboot or factory reset. This can cause downtime, loss of important system settings, and potentially interrupt normal operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or direct detection methods for this vulnerability. However, general best practices for detecting unauthorized triggering of critical system functions include continuous device inventory, configuration snapshots, and activity monitoring to detect unauthorized changes. Network segmentation, monitoring of control plane communication protocols, and filtering of network traffic can help identify suspicious activities. For detailed cybersecurity guidelines and network security measures, refer to SICK's Operating Guidelines Cybersecurity document. [4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected device, implementing network segmentation and filtering to limit exposure, and applying any available security advisories or firmware updates from SICK PSIRT. Although no specific firmware update is mentioned for CVE-2026-22916, following general security best practices such as minimizing network exposure, enforcing strict access controls, and monitoring for unauthorized commands can reduce risk. Contacting SICK PSIRT for official advisories and mitigation guidance is recommended. [1, 4]