CVE-2026-22920

Summary

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.

Affected Software

VendorProductVersion RangeStatus
SICK AGTDC-X401GLall versionsaffected

Weaknesses

  • CWE-1391: CWE-1391 Use of Weak Credentials

Workarounds

Upon completion of the initial device setup, deactivate AppEngine. Disabling it fully mitigates this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References