CVE-2026-22911
Published: 15 January 2026
Summary
CVE-2026-22911 is a medium-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Sick Tdc-X401Gl Firmware. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 9.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).
Deeper analysis
CVE-2026-22911 affects firmware update files for SICK devices: the files contain password hashes for system accounts. Published on 2026-01-15, it is classified under CWE-798 (Use of Hard-coded Credentials) and CWE-522 (Insufficiently Protected Credentials) and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N): network-reachable and unauthenticated, with a low confidentiality impact and no scored impact on integrity or availability. Note that the vector scores the disclosure of the hashes themselves; account takeover is a follow-on step that depends on the hashes being crackable.
No privileges or user interaction are required, and the attacker never has to touch a device: the attack surface is the update file itself. An attacker who obtains the firmware update files (publicly distributed ones in particular) can unpack them, extract the password hashes for system accounts, and attempt to crack them offline. Whether that succeeds depends on the hash algorithm and the password strength; hashes produced by fast legacy algorithms, or protecting weak or default passwords, are the realistic concern. Any recovered password is then a valid credential for the corresponding system account on every device that ships that image, which is the real consequence of hard-coded credentials. Operators should treat every account whose hash appears in the image as exposed and follow the vendor advisory for remediation.
SICK has published mitigation guidance through its PSIRT page at https://sick.com/psirt and detailed advisories in CSAF format, including https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json and https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf. Additional ICS-focused recommendations are available from CISA at https://www.cisa.gov/resources-tools/resources/ics-recommended-practices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2812
Vulnerability details
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
- CWE-798 (Use of Hard-coded Credentials)
- CWE-522 (Insufficiently Protected Credentials)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1552.001 Unsecured Credentials: Credentials In Files
- T1078 Valid Accounts
Why these techniques?
The firmware files publicly expose password hashes (unsecured credentials in files); credentials recovered from them let an attacker log in to the device with a valid account rather than through any further exploit.
Affected Assets
- Sick Tdc-X401Gl Firmware
Mitigating Controls (NIST 800-53 r5)
- IA-5 (Authenticator Management): requires secure generation, storage and distribution of authenticators. In practice that means no shared, image-wide system-account passwords, unique per-device credentials set at provisioning, and password hashes that never end up in a distributable firmware artifact.
- SC-28 (Protection of Information at Rest): mandates cryptographic protection of sensitive data, here the password hashes, within firmware update packages before they are released. Caveat: encrypting the update package only helps if the decryption key is not itself recoverable from the device or from an earlier image; it is defence in depth behind IA-5, not a replacement for it.
- SA-11 (Developer Testing and Evaluation): requires developer testing and evaluation that would detect hard-coded credentials in firmware artifacts before distribution, for example a release-gate scan of the unpacked image for passwd/shadow-style records.
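The scan that both the exploitation walkthrough above and the SA-11 control call for, as an added example (this is not SICK's code and is not derived from any SICK image): it walks an unpacked firmware image, finds passwd/shadow-style records, classifies the password field by its crypt(3) algorithm, and flags empty passwords and fast legacy hashes as the ones an attacker would crack first. It assumes the update package has already been unpacked with a tool such as binwalk or unsquashfs; SAMPLE is a constructed blob with filler hashes, and the hashcat mode numbers are the standard ones for those formats.

```python
"""Scan an unpacked firmware image for exposed Unix password hashes.

Added example, not SICK's code. Assumes the update package is already
unpacked into a byte blob or directory; SAMPLE below is constructed.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# crypt(3) modular format: $<id>$<params/salt>$<hash>
CRYPT_RE = re.compile(r"\$(?P<id>[0-9a-z]{1,3})\$[A-Za-z0-9./=$]+")
# passwd/shadow-style record: user:<password field>:<num>:<num>:...
# (uid:gid in passwd, lastchg:min in shadow); requiring the two numeric
# fields keeps arbitrary "a:b:" byte runs in the binary from matching.
ENTRY_RE = re.compile(
    r"^(?P<user>[A-Za-z_][A-Za-z0-9_.-]*):(?P<pw>[^:\n]*):\d*:\d*:", re.MULTILINE
)

ALGORITHMS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
              "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt",
              "y": "yescrypt", "gy": "gost-yescrypt"}
# fast hashes an attacker can brute-force cheaply offline
WEAK = {"md5crypt", "descrypt"}
# hashcat mode used for the offline cracking step the advisory describes
HASHCAT_MODE = {"descrypt": 1500, "md5crypt": 500, "sha256crypt": 7400,
                "sha512crypt": 1800, "bcrypt": 3200}


@dataclass
class Finding:
    user: str
    kind: str        # "hash" or "empty"
    algorithm: str
    offset: int      # byte offset of the record inside the scanned blob
    weak: bool


def classify(pw: str) -> Optional[Tuple[str, str, bool]]:
    """(kind, algorithm, weak) for a password field; None if it exposes nothing."""
    if pw == "":
        return ("empty", "none", True)   # no password at all: always report
    if pw == "x" or pw.startswith(("*", "!")):
        return None                      # shadowed placeholder or locked account
    m = CRYPT_RE.fullmatch(pw)
    if m:
        algo = ALGORITHMS.get(m.group("id"), "unknown-crypt-" + m.group("id"))
        return ("hash", algo, algo in WEAK or algo.startswith("unknown"))
    if re.fullmatch(r"[A-Za-z0-9./]{13}", pw):
        return ("hash", "descrypt", True)  # traditional 13-char DES crypt
    return None  # not a credential format we recognise; stay quiet on binary noise


def scan_blob(blob: bytes) -> List[Finding]:
    text = blob.decode("latin-1")        # byte-preserving, never raises
    out: List[Finding] = []
    for m in ENTRY_RE.finditer(text):
        c = classify(m.group("pw"))
        if c:
            kind, algo, weak = c
            out.append(Finding(m.group("user"), kind, algo, m.start(), weak))
    return out


def scan_tree(root: Path) -> Dict[str, List[Finding]]:
    """Run scan_blob over every regular file under an unpacked rootfs."""
    hits: Dict[str, List[Finding]] = {}
    for p in root.rglob("*"):
        if p.is_file():
            f = scan_blob(p.read_bytes())
            if f:
                hits[str(p)] = f
    return hits


def describe(f: Finding) -> str:
    mode = HASHCAT_MODE.get(f.algorithm)
    tail = f" (hashcat -m {mode})" if mode else ""
    flag = " WEAK" if f.weak else ""
    return f"{f.user}: {f.kind} {f.algorithm}{tail}{flag} @0x{f.offset:x}"


# Constructed sample: a binary header followed by an embedded shadow/passwd
# fragment. The hashes are filler, not real credentials from any product.
SAMPLE = b"".join([
    b"\x7fELF\x02\x01\x01\x00 ...rootfs image data...\n",
    b"root:$6$rounds=5000$Qf3kLm9pZx1aBcDe$" + b"A" * 86 + b":19000:0:99999:7:::\n",
    b"service:$1$saltsalt$" + b"B" * 22 + b":19000:0:99999:7:::\n",
    b"daemon:*:19000:0:99999:7:::\n",
    b"nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n",
    b"guest::19000:0:99999:7:::\n",
])

if __name__ == "__main__":
    for finding in scan_blob(SAMPLE):
        print(describe(finding))
```

Point scan_tree at the unpacked root (for example scan_tree(Path("rootfs"))) to cover every file, since embedded systems often keep hashes in /etc/passwd rather than /etc/shadow, or in backup copies under /etc/default. A finding marked WEAK should be treated as a recoverable password; a sha512crypt or bcrypt hit is still a finding, because the CVSS vector scores the disclosure, not the cracking.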