CVE-2026-22914

Summary

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

Affected Software

VendorProductVersion RangeStatus
SICK AGTDC-X401GLall versionsaffected

Weaknesses

  • CWE-266: CWE-266 Incorrect Privilege Assignment

Workarounds

Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References