CVE-2026-22910

Summary

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

Affected Software

VendorProductVersion RangeStatus
SICK AGTDC-X401GLall versionsaffected

Weaknesses

  • CWE-1391: CWE-1391 Use of Weak Credentials

Workarounds

Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References