CVE-2026-22909
Published: 15 January 2026
Summary
CVE-2026-22909 is a high-severity Improper Access Control (CWE-284) vulnerability in Sick Tdc-X401Gl Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Service Stop (T1489); ranked at the 7.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
The access control policy and procedures directly mandate and enforce proper access control mechanisms across the organization.
Supervision and review of access control activities directly detects and remediates improper access configurations or usages.
Associating and retaining security attributes with data directly supports enforcement of access control decisions across storage, processing, and transmission.
Requiring prior authorization for each remote access type prevents improper access control over remote connections.
Requiring authorization of wireless access before allowing connections enforces proper access control for this access method.
Requiring authorization and configuration controls for mobile device connections directly enforces access control and prevents unauthorized devices from reaching organizational systems.
Defining account types, requiring approvals for creation, specifying authorizations, monitoring usage, and reviewing accounts directly prevents improper access control by ensuring only authorized accounts exist and are used.
Enforces rules governing access to the system and its data from external systems based on established trust relationships.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper access control enables unauthenticated remote stopping/deletion of applications, directly facilitating Service Stop for availability impact.
NVD Description
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
Deeper analysisAI
CVE-2026-22909 is an improper access control vulnerability (CWE-284, CWE-863) affecting certain SICK products, where system functions can be accessed without proper authorization. This allows attackers to start, stop, or delete installed applications, potentially disrupting system operations. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant availability impact with no requirements for privileges or user interaction.
Remote attackers require no authentication or privileges to exploit this vulnerability over the network. Successful exploitation enables denial-of-service effects by manipulating installed applications, such as stopping critical processes or deleting software components, which can halt system functionality and disrupt operations in affected environments.
SICK has published detailed advisories via its PSIRT page and specific CSAF documents, including sca-2026-0001 in JSON and PDF formats, outlining mitigation steps. Additional guidance appears in CISA's ICS recommended practices, with CVSS details available via the FIRST calculator.
Details
- CWE(s)