CVE-2026-22920

Low CVSS: 3.7

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.

Vendor

Product

CWE

Yayın Tarihi

2026-01-15 13:16:07

Güncelleme

2026-01-23 18:36:58

Source Identifier

psirt@sick.de

KEV Date Added

CWE-1391 Tdc-x401gl Firmware LOW Sick 2026

https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf

Medium

CVE-2026-1627

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromis…

Medium

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or ma…

Medium

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft throu…

Medium

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attack…

Medium

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end user…

Medium

CVE-2026-22913

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead…