CVE-2026-22915
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SICK AG | TDC-X401GL | all versions | affected |
Weaknesses
- CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
Workarounds
Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates this vulnerability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://sick.com/psirt
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.