CVE-2026-22915

Summary

An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.

Affected Software

VendorProductVersion RangeStatus
SICK AGTDC-X401GLall versionsaffected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Workarounds

Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References