CVE-2026-22916

4.3 MEDIUM

📋 TL;DR

A low-privileged but authenticated user can trigger critical system functions such as reboot or factory reset that should be reserved for administrators, because affected SICK products do not enforce authorization on those functions. Successful abuse causes service disruption (unexpected restarts) or loss of device configuration (factory reset).

💻 Affected Systems

Products:
  • SICK industrial automation and sensor products
Versions: Specific versions not detailed in provided references; consult vendor advisory.
Operating Systems: Embedded systems in SICK devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where privilege separation is not properly implemented for critical functions.

📦 What is this software?

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test on a spare or non-production unit whether a low-privileged account can trigger reboot or reset (the test itself is disruptive if it succeeds)
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system disruption through an unauthorized factory reset, requiring full reconfiguration and extended downtime.

🟠 Likely Case: Service disruption through unauthorized reboots affecting operational continuity.

🟢 If Mitigated: Minimal impact with proper access controls and monitoring in place.

🌐 Internet-Facing: MEDIUM - Exploitation requires some level of access but could be combined with other vulnerabilities.
🏢 Internal Only: HIGH - Any internal user holding even a low-privileged account on the device could trigger disruptive actions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of system access but minimal technical skill once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Consult vendor advisory for specific patched versions

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

  1. Check the vendor advisory for affected products.
  2. Download and apply the recommended firmware updates.
  3. Restart the affected devices.
  4. Verify that proper privilege controls are in place.

🔧 Temporary Workarounds

Implement strict access controls (applies to: all)

Restrict user privileges so that low-privileged accounts cannot reach reboot or reset functions

Network segmentation (applies to: all)

Isolate affected devices from general network access

🧯 If You Can't Patch

  • Implement strict role-based access control (RBAC) to limit who can access critical functions
  • Monitor system logs for unauthorized reboot or reset attempts and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version against the vendor advisory and, on a spare or non-production unit, test whether a low-privileged account can trigger reboot or reset functions

Check Version:

Device-specific; consult product documentation for version check commands

Verify Fix Applied:

Verify firmware version is updated and test that low-privileged users cannot trigger critical functions

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized reboot commands
  • Factory reset attempts from non-admin accounts
  • Privilege escalation attempts

Network Indicators:

  • Unexpected device restarts
  • Configuration changes from unauthorized sources

SIEM Query:

source="device_logs" AND (event="reboot" OR event="reset") AND user_privilege="low"
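The SIEM query above relies on a `user_privilege` field that most device logs do not carry. The following added example (not code from the original page or from SICK) shows the same detection logic applied to key=value log lines: it derives "low privilege" from a role field, flags reboot/reset events from non-privileged accounts, and also flags the "unexpected device restart" indicator listed above as a boot record with no preceding privileged reboot command. The log format, field names (`ts`, `device`, `user`, `role`, `event`), the role names and the sample lines are all constructed assumptions; real SICK device logs will need their own parser.

```python
"""Added example, not from the original page or from SICK.

Applies the page's SIEM logic (reboot or reset events issued by an account
without admin privilege) to key=value device log lines, and flags the page's
"unexpected device restart" indicator: a boot record with no reboot command
from a privileged account in the preceding window.

Field names, role names, event names and sample lines are constructed
assumptions, not real SICK log output.
"""
import shlex
from dataclasses import dataclass

CRITICAL_EVENTS = {"reboot", "reset", "factory_reset"}   # assumed event names
PRIVILEGED_ROLES = {"admin", "maintenance"}              # assumed role names
RESTART_WINDOW = 120  # seconds a privileged reboot command "explains" a later boot


@dataclass(frozen=True)
class Alert:
    kind: str     # "unauthorized_critical" or "unexplained_restart"
    ts: int
    device: str
    user: str
    event: str


def parse_kv_line(line: str) -> dict:
    """Parse 'ts=1000 device=sensor-01 user=bob role=operator event=reboot'."""
    fields = {}
    for token in shlex.split(line):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def is_unauthorized_critical(rec: dict) -> bool:
    """True when a critical function was invoked by a non-privileged account."""
    return (rec.get("event", "").lower() in CRITICAL_EVENTS
            and rec.get("role", "").lower() not in PRIVILEGED_ROLES)


def detect(lines):
    """Return alerts for the given log lines, in log order."""
    records = [parse_kv_line(ln) for ln in lines if ln.strip() and not ln.startswith("#")]
    alerts = []
    last_privileged_cmd = {}   # device -> ts of the most recent privileged reboot/reset
    for rec in records:
        ts = int(rec.get("ts", 0))
        device = rec.get("device", "?")
        user = rec.get("user", "?")
        event = rec.get("event", "").lower()
        if is_unauthorized_critical(rec):
            alerts.append(Alert("unauthorized_critical", ts, device, user, event))
        elif event in CRITICAL_EVENTS:
            last_privileged_cmd[device] = ts      # an authorized command explains the next boot
        if event == "boot":
            prev = last_privileged_cmd.get(device)
            if prev is None or ts - prev > RESTART_WINDOW:
                alerts.append(Alert("unexplained_restart", ts, device, user, event))
    return alerts


# Constructed sample log, not real device output.
SAMPLE_LOGS = [
    "# constructed sample, not real device output",
    "ts=1000 device=sensor-01 user=alice role=admin event=login",
    "ts=1010 device=sensor-01 user=alice role=admin event=reboot",
    "ts=1040 device=sensor-01 user=- role=- event=boot",                 # explained by alice's reboot
    "ts=2000 device=sensor-02 user=bob role=operator event=login",
    "ts=2005 device=sensor-02 user=bob role=operator event=factory_reset",  # the CVE pattern
    "ts=2030 device=sensor-02 user=- role=- event=boot",                 # no privileged command behind it
    "ts=3000 device=sensor-03 user=- role=- event=boot",                 # no reboot command at all
    'ts=3100 device=sensor-03 user=carol role=viewer event="config read"',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(f"{alert.kind}: device={alert.device} ts={alert.ts} user={alert.user} event={alert.event}")
```

Treating only privileged commands as an explanation for a boot means a low-privileged reset produces two alerts (the command and the restart it caused); that is intentional, because the restart indicator is the one you still get when the command itself was not logged.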
