CVE-2026-22919
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.
Generated: 2026-06-16
Affected Vendors & Products (10 associated CPEs)
Vendor    Product           Version / Range
sick_ag   tdc-x401gl        < 1.4.0 (1.4.0 excluded)
sick_ag   meac300           * (all versions)
sick_ag   lector8xx         * (all versions)
sick_ag   inspectorp8xx     * (all versions)
sick_ag   dl100-2xxxxxxx    * (all versions)
sick_ag   flexi_compact     * (all versions)
sick_ag   picoscan          * (all versions)
sick_ag   multiscan         * (all versions)
sick_ag   field_analytics   * (all versions)
sick_ag   media_server      * (all versions)
CWE ID   Description
CWE-79   The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
AI Quick Actions
Executive Summary

This vulnerability allows an attacker who already holds administrative access to inject malicious content into the login page of the affected product. Because the login page is served to every user who authenticates, the injected content can enable cross-site scripting (XSS) against those users and may lead to the extraction of sensitive data from them.

Impact Analysis

The impact is a stored cross-site scripting (XSS) attack on the login page, which can lead to the theft or exposure of sensitive data belonging to users who visit it. Because injecting the content requires administrative access, the risk is one of privilege misuse: a compromised or malicious administrator account can be turned into a means of attacking other users, compromising the confidentiality and integrity of their data.

Detection Guidance

The provided resources do not include specific commands or direct detection methods for this vulnerability. General practices for detecting unauthorized changes or injected content still apply: maintain a continuous device inventory, take configuration snapshots and compare them over time, monitor administrative activity for unexpected changes to the login page, and watch network traffic for anomalies. A Web Application Firewall (WAF) can help detect and block cross-site scripting (XSS) payloads. For detailed detection commands or scripts, consult the SICK PSIRT advisories or security guidelines. [4, 1]

Mitigation Strategies

Immediate mitigation steps include restricting administrative access to trusted personnel only, enforcing strong access controls on administrative accounts, and monitoring the login page for unauthorized changes. Network segmentation, firewalls, and a Web Application Firewall (WAF) can limit exposure and reduce the chance that cross-site scripting is exploited. Contact SICK PSIRT for available security advisories or patches. Since exploitation requires administrative access, keeping administrative credentials secure and monitoring the system for suspicious administrative activity is critical. [4, 1]

Compliance Impact

The vulnerability allows an attacker with administrative access to inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks that lead to the extraction of sensitive data. Exposure of such data can negatively affect compliance with data protection regulations such as GDPR and HIPAA, which require that personal and sensitive information be safeguarded against unauthorized access and breaches. The vulnerability therefore poses a risk to maintaining compliance with these standards by potentially compromising the confidentiality and integrity of sensitive data. [4]
