Cyber Resilience

CVE-2026-22910

High

Published: 15 January 2026

Published
15 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0044 34.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-22910 is a high-severity Use of Weak Credentials (CWE-1391) vulnerability in Sick Tdc-X401Gl Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 34.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2026-22910 is a vulnerability in certain SICK devices deployed with weak and publicly known default passwords for hidden user levels, increasing the risk of unauthorized access and representing a high risk to system integrity. Published on 2026-01-15, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-1391.

A remote attacker requires only network access and no privileges or user interaction to exploit this vulnerability by authenticating with the publicly known default credentials for the hidden user levels. Successful exploitation results in high confidentiality impact, potentially allowing disclosure of sensitive system information.

Mitigation guidance is provided in SICK's PSIRT advisory at https://sick.com/psirt and the associated CSAF documents SCA-2026-0001 at https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json and https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf. CISA ICS recommended practices are available at https://www.cisa.gov/resources-tools/resources/ics-recommended-practices, and the CVSS calculator is at https://www.first.org/cvss/calculator/3.1.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Directly enables initial access via publicly known default credentials on hidden accounts (T1078.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22909Same product: Sick Tdc-X401Gl
CVE-2026-22917Same product: Sick Tdc-X401Gl
CVE-2026-22918Same product: Sick Tdc-X401Gl
CVE-2026-22911Same product: Sick Tdc-X401Gl
CVE-2026-22908Same product: Sick Tdc-X401Gl
CVE-2026-22907Same product: Sick Tdc-X401Gl
CVE-2025-67114Shared CWE-1391
CVE-2026-1627Same vendor: Sick
CVE-2025-59461Same vendor: Sick
CVE-2025-58587Same vendor: Sick

Affected Assets

sick
tdc-x401gl firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires changing default authenticators prior to first use, preventing exploitation of weak and publicly known default passwords for hidden user levels.

prevent

Enforces secure configuration settings that prohibit deployment with weak default credentials, addressing the insecure factory configurations in affected SICK devices.

prevent

Account management processes ensure hidden or unnecessary user accounts are identified, disabled, or provisioned with strong authenticators to mitigate unauthorized access risks.

References