CVE-2026-22920
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | up to 1.4.0 (exclusive) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1391 | The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the device's passwords not being adequately salted, which makes them vulnerable to password extraction attacks. Salting is a security measure that adds random data to passwords before hashing to protect against attacks such as rainbow table attacks. Without adequate salting, attackers can more easily extract or crack passwords from the device.
How can this vulnerability impact me?
The vulnerability can lead to password extraction attacks, potentially allowing unauthorized parties to obtain passwords from the device. This could compromise the security of the device by enabling attackers to gain unauthorized access or perform further malicious actions. However, the CVSS score is relatively low (3.7), indicating limited impact, specifically a low confidentiality impact and no impact on integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strong password policies and ensuring passwords are adequately salted to prevent extraction attacks. Additionally, following SICK's cybersecurity guidelines such as network segmentation, access controls, and minimizing network exposure can help reduce risk. Contacting SICK PSIRT for any available security advisories or updates is recommended. Since no specific firmware update or patch is mentioned for this vulnerability, applying general best practices from SICK's Operating Guidelines on Cybersecurity is advised. [1, 4]
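To illustrate what "adequately salted" means in practice, the following added example (not from the advisory and not SICK's code) stores passwords with a fresh random salt per account and audits a credential store for missing, short or reused salts. The record layout, the function names, the 16-byte salt minimum, the PBKDF2 iteration count and the weak sample scheme are all assumptions made for the illustration; the page does not describe the devices' actual hashing scheme.

```python
import hashlib
import hmac
import os
from collections import Counter

MIN_SALT_BYTES = 16          # assumption: 128-bit salt as the minimum
PBKDF2_ITERATIONS = 600_000  # assumption: work factor, tune to the hardware


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Adequately salted record: fresh random salt per password, slow KDF."""
    salt = os.urandom(MIN_SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify_password(password, record):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])  # constant-time compare


def audit_store(store):
    """Return {user: [findings]} for records with inadequate salting."""
    salt_counts = Counter(rec["salt"] for rec in store.values())
    findings = {}
    for user, rec in store.items():
        salt, issues = rec["salt"], []
        if not salt:
            issues.append("no salt")
        elif len(salt) < MIN_SALT_BYTES:
            issues.append("salt too short")
        if salt and salt_counts[salt] > 1:
            issues.append("salt reused across accounts")
        if issues:
            findings[user] = issues
    return findings


def weak_record(password, salt):
    """Constructed weak scheme for the sample data: one fast hash, static salt."""
    return {"salt": salt, "hash": hashlib.sha256(salt + password.encode()).digest()}


# Constructed sample store (not from any device): shared password, static salt.
WEAK_STORE = {
    "operator": weak_record("Plant#2026", b"\x00\x01"),
    "service": weak_record("Plant#2026", b"\x00\x01"),
    "legacy": weak_record("Plant#2026", b""),
}
```

In the weak store the `operator` and `service` records hold identical hashes, so anyone reading the store learns that both accounts share a password; records produced by `hash_password` differ even for the same password.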
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves inadequately salted passwords, making them susceptible to password extraction attacks, which could potentially lead to unauthorized access to sensitive data. This weakness may impact compliance with standards and regulations such as GDPR and HIPAA that require protection of personal and sensitive information through adequate security controls. However, no explicit information about compliance impact or regulatory considerations is provided in the available resources.