Cyber Posture

CVE-2026-22910

High

Published: 15 January 2026

Published
15 January 2026
Modified
23 January 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 5.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22910 is a high-severity Use of Weak Credentials (CWE-1391) vulnerability in Sick Tdc-X401Gl Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

IA-5 Authenticator Management
addresses: CWE-1391

Ensuring sufficient strength of mechanism for authenticators prevents use of weak credentials.

IA-7 Cryptographic Module Authentication
addresses: CWE-1391

Enforces use of credentials that comply with standards rather than weak credentials for module access.

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
attack.mitre.org →
Why these techniques?

Directly enables initial access via publicly known default credentials on hidden accounts (T1078.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

Deeper analysisAI

CVE-2026-22910 is a vulnerability in certain SICK devices deployed with weak and publicly known default passwords for hidden user levels, increasing the risk of unauthorized access and representing a high risk to system integrity. Published on 2026-01-15, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-1391.

A remote attacker requires only network access and no privileges or user interaction to exploit this vulnerability by authenticating with the publicly known default credentials for the hidden user levels. Successful exploitation results in high confidentiality impact, potentially allowing disclosure of sensitive system information.

Mitigation guidance is provided in SICK's PSIRT advisory at https://sick.com/psirt and the associated CSAF documents SCA-2026-0001 at https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json and https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf. CISA ICS recommended practices are available at https://www.cisa.gov/resources-tools/resources/ics-recommended-practices, and the CVSS calculator is at https://www.first.org/cvss/calculator/3.1.

Details

CWE(s)
CWE-1391

Affected Products

sick
tdc-x401gl firmware
all versions

CVEs Like This One

CVE-2026-22920Same product: Sick Tdc-X401Gl
CVE-2026-22917Same product: Sick Tdc-X401Gl
CVE-2026-22918Same product: Sick Tdc-X401Gl
CVE-2026-22907Same product: Sick Tdc-X401Gl
CVE-2026-22908Same product: Sick Tdc-X401Gl
CVE-2026-22911Same product: Sick Tdc-X401Gl
CVE-2026-22909Same product: Sick Tdc-X401Gl
CVE-2025-67114Shared CWE-1391
CVE-2026-22644Same vendor: Sick
CVE-2026-22646Same vendor: Sick

References