CVE-2026-22910 – This vulnerability allows attackers to gain una... (How to Fix)

Q: What is the severity of CVE-2026-22910?

CVE-2026-22910 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to gain unauthorized access to affected devices by using weak, publicly known default passwords on hidden user accounts. It affects industrial control systems and IoT devices from SICK AG that have not changed these default credentials. The risk is particularly high for systems exposed to networks.

📋 TL;DR

This vulnerability allows attackers to gain unauthorized access to affected devices by using weak, publicly known default passwords on hidden user accounts. It affects industrial control systems and IoT devices from SICK AG that have not changed these default credentials. The risk is particularly high for systems exposed to networks.

💻 Affected Systems

Products:

SICK AG industrial devices and sensors

Versions: All versions with default configurations

Operating Systems: Embedded/Proprietary

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects devices with hidden user levels that retain factory default passwords.

📦 What is this software?

Tdc X401gl Firmware by Sick

View all CVEs affecting Tdc X401gl Firmware →

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to modify configurations, disrupt operations, install malware, or pivot to other network segments.

🟠

Likely Case

Unauthorized access leading to data theft, configuration changes, or disruption of device functionality.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, though credential exposure remains a concern.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be easily discovered and exploited using automated tools.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only knowledge of default credentials, which are publicly documented. No special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific firmware updates

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

1. Consult SICK PSIRT advisory for affected products. 2. Download latest firmware from vendor portal. 3. Apply firmware update following vendor documentation. 4. Change all default passwords after update.

🔧 Temporary Workarounds

Password Change

all

Manually change default passwords for all user accounts including hidden levels

Use device configuration interface to change passwords

Network Segmentation

all

Isolate affected devices from untrusted networks

Configure firewall rules to restrict access to device management interfaces

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach device management interfaces
Enable detailed logging and monitoring for authentication attempts on these devices

🔍 How to Verify

Check if Vulnerable:

Attempt to authenticate to device using documented default credentials for hidden user levels

Check Version:

Check device firmware version via web interface or serial console

Verify Fix Applied:

Verify authentication fails with default credentials and new strong passwords are in place

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts followed by successful login with default credentials
Multiple login attempts from single source

Network Indicators:

Unusual traffic patterns to device management ports
Authentication attempts from unexpected IP ranges

SIEM Query:

source="device_logs" AND (event_type="authentication" AND (result="success" AND user="default_admin" OR user="factory"))

📊 Metadata

CVE ID: CVE-2026-22910

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-1391

EPSS Score: 0.05% exploit probability (15.7th percentile)

Published: January 15, 2026

Last Updated: January 23, 2026

🔗 References

https://sick.com/psirt Vendor Advisory
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices US Government Resource
https://www.first.org/cvss/calculator/3.1 Not Applicable
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json Vendor Advisory
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf Vendor Advisory
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-22910, you might also want to check these: