CVE-2026-22917
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | to 1.4.0 (exc) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper input handling in a system endpoint of the SICK TDC-X401GL device. It allows attackers to overload system resources, which can lead to a denial of service (DoS) condition, making the device unavailable or unresponsive.
How can this vulnerability impact me? :
The vulnerability can impact you by causing a denial of service on the affected device, which means the system could become unavailable or stop functioning properly. This could disrupt operations that rely on the device, potentially leading to downtime or loss of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-22917, immediate steps include applying any available vendor patches or updates that address the improper input handling issue. Since the vulnerability allows resource overload leading to denial of service, general security best practices such as minimizing network exposure of the affected device, restricting network access, and implementing network segmentation and filtering should be applied. Following SICK's cybersecurity guidelines, including using firewalls, VLANs, and access controls, can help reduce attack vectors. Contacting SICK PSIRT for official advisories and mitigation recommendations is also advised. [1, 4]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain specific information on how CVE-2026-22917 affects compliance with common standards and regulations such as GDPR or HIPAA. The vulnerability involves improper input handling leading to denial of service, which could impact availability, but no direct linkage to regulatory compliance implications is described.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or direct detection methods for CVE-2026-22917. However, general cybersecurity best practices for industrial control systems (ICS) include continuous device inventory, configuration snapshots, and activity monitoring to detect unauthorized changes. Network segmentation, use of firewalls, traffic filtering, and monitoring network traffic for anomalies can help detect attempts to exploit vulnerabilities causing denial of service. For detailed detection and mitigation, contacting SICK PSIRT or referring to their security advisories is recommended. [1, 4]