CVE-2026-22918
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | < 1.4.0 (up to but excluding 1.4.0) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1021 | The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing protection against clickjacking attacks. An attacker can exploit this by tricking users into performing unintended actions on maliciously crafted web pages. This can lead to the extraction of sensitive data from the affected system.
How can this vulnerability impact me?
The vulnerability can impact you by allowing attackers to trick users into unintended actions, potentially leading to the extraction of sensitive data. Although it does not directly affect confidentiality according to the CVSS score, it can cause integrity loss by unauthorized actions performed through clickjacking.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing network segmentation and access controls as outlined in SICK's cybersecurity guidelines, such as using firewalls, VLANs, VPNs, and strict filtering of inbound and outbound traffic to reduce attack vectors. Additionally, monitoring device configurations and network activity continuously can help detect unauthorized changes. Since this vulnerability involves missing protection against clickjacking, applying web application security measures like Web Application Firewalls (WAF) is recommended. Contacting SICK PSIRT for official advisories and updates is also advised. [4, 1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to exploit missing clickjacking protections to trick users into unintended actions, potentially leading to extraction of sensitive data. This exposure of sensitive data could negatively impact compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive information. Organizations using affected products should consider this risk in their security and compliance assessments and apply recommended mitigations to reduce the likelihood of data breaches. [4]