CVE-2026-22915

4.3 MEDIUM

📋 TL;DR

CVE-2026-22915 allows attackers with low privileges to read files from specific directories on affected devices, potentially exposing sensitive information. This vulnerability affects SICK industrial control systems and similar devices where directory permissions are improperly configured. Organizations using vulnerable SICK products should assess their exposure.

💻 Affected Systems

Products:
  • SICK industrial control systems and devices
Versions: Specific versions not detailed in provided references; check vendor advisory for exact ranges.
Operating Systems: Embedded/Linux-based systems in SICK devices
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability appears to be in default configurations where directory permissions are too permissive for low-privilege users.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive configuration files, credentials, or proprietary data could be exfiltrated, leading to further system compromise or industrial espionage.

🟠 Likely Case

Attackers could access limited system information or configuration files that might aid in further attacks.

🟢 If Mitigated

With proper access controls and network segmentation, impact would be limited to non-critical directories.

🌐 Internet-Facing: MEDIUM - If devices are directly internet-accessible, attackers could exploit this without internal access.
🏢 Internal Only: LOW - Requires authenticated low-privilege access, limiting exposure to internal threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires low-privilege access but uses simple file read operations once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

  1. Check vendor advisory for affected products.
  2. Download and apply vendor-provided patches.
  3. Restart affected devices.
  4. Verify patch application.

🔧 Temporary Workarounds

Restrict directory permissions

linux

Modify directory permissions to prevent low-privilege users from reading sensitive directories.

chmod 750 /path/to/sensitive/directories
chown root:root /path/to/sensitive/directories

Implement access controls

all

Configure additional access controls or user privilege restrictions.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices
  • Apply principle of least privilege to all user accounts on affected systems

🔍 How to Verify

Check if Vulnerable:

Test if low-privilege accounts can read files from directories they shouldn't access using commands like 'ls -la /path' and 'cat /path/file'.

Check Version:

Check device firmware/software version via vendor-specific commands or web interface

Verify Fix Applied:

After patching, verify that low-privilege accounts can no longer access restricted directories.
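
One way to run the check above and to confirm the permissions workaround afterwards, as an added example (not vendor code and not one of this site's scripts). The function names `other_bits` and `audit_dir`, the default `root:root` owner and whatever paths you pass in are assumptions; the vendor advisory, not this script, defines which directories matter.

```shell
#!/bin/sh
# Added example: audit directories against the chmod 750 / chown root:root
# workaround. Function names and the paths passed in are assumptions.

# Print the r/w/x letters that "other" (accounts outside the owner and
# group) holds on the path itself; empty output means no access.
other_bits() {
    out=""
    for pair in 4:r 2:w 1:x; do
        if [ -n "$(find "$1" -prune -perm "-00${pair%%:*}" 2>/dev/null)" ]; then
            out="${out}${pair##*:}"
        fi
    done
    printf '%s' "$out"
}

# audit_dir DIR [OWNER:GROUP]   (OWNER:GROUP defaults to root:root)
# Returns 0 when DIR matches the workaround, 1 when there is a finding.
audit_dir() {
    dir=$1; want=${2:-root:root}; rc=0
    if [ ! -d "$dir" ]; then
        echo "SKIP    $dir (not a directory)"; return 0
    fi
    bits=$(other_bits "$dir")
    have=$(ls -ld "$dir" | awk '{print $3 ":" $4}')
    if [ -n "$bits" ]; then
        # Count world-readable files only when "other" can traverse (x) the
        # directory; without x they cannot be opened through this path.
        n=0
        case $bits in
            *x*) n=$(find "$dir" -type f -perm -004 2>/dev/null | wc -l | tr -d ' ') ;;
        esac
        echo "FINDING $dir other=$bits world-readable-files=$n"
        rc=1
    fi
    if [ "$have" != "$want" ]; then
        echo "FINDING $dir owner=$have expected=$want"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK      $dir"; fi
    return "$rc"
}

# Audit every directory named on the command line, e.g.
#   sh audit.sh /path/to/sensitive/directories
for d in "$@"; do
    audit_dir "$d" || true
done
```

Run it before and after applying the workaround or patch; a directory that moves from FINDING to OK is no longer readable by accounts outside its owner and group.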

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by low-privilege users
  • Multiple failed then successful file read attempts

Network Indicators:

  • Unexpected outbound transfers of configuration files
  • Anomalous access to device management interfaces

SIEM Query:

source="device_logs" AND (event="file_access" AND user="low_privilege_user" AND path="*/sensitive/*")