CVE-2026-22916
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SICK AG | TDC-X401GL | all versions | affected |
Weaknesses
- CWE-266: CWE-266 Incorrect Privilege Assignment
Workarounds
Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates this vulnerability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://sick.com/psirt
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.