CVE-2026-22918

Medium

Published: 15 January 2026

Modified: 23 January 2026
CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0002 (6.0th percentile)
Risk Priority: 9 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22918 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Sick Tdc-X401Gl Firmware. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 6.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability sits in public-facing SICK web interfaces, so it directly enables remote exploitation via crafted pages that use clickjacking to obtain data.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

Deeper analysis

CVE-2026-22918, published on 2026-01-15, is a vulnerability stemming from missing protection against clickjacking, classified under CWE-1021. It affects components from SICK, as detailed in the vendor's advisories. The issue carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges required, and user interaction needed, resulting in low integrity impact.

An unauthenticated remote attacker can exploit this vulnerability by creating maliciously crafted web pages that trick users into performing unintended actions on affected SICK web interfaces. Successful exploitation leads to the extraction of sensitive data through clickjacking techniques, where users are deceived into interacting with hidden or overlaid elements.

Mitigation details are outlined in SICK's PSIRT advisory at https://sick.com/psirt and the CSAF provider-specific advisories sca-2026-0001.json and sca-2026-0001.pdf available at https://www.sick.com/.well-known/csaf/white/2026/. Additional context includes CISA's ICS recommended practices at https://www.cisa.gov/resources-tools/resources/ics-recommended-practices and the FIRST CVSS v3.1 calculator at https://www.first.org/cvss/calculator/3.1.
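The defect class behind this advisory is a web interface served without any anti-framing header, so a checker for that condition is a natural defender-side companion to the analysis above. The following is an added example written for this page; it is not SICK code and not part of the vendor advisory. It classifies a response's headers as protected or unprotected against framing, giving CSP frame-ancestors precedence over X-Frame-Options as browsers do, treating Report-Only policies and the obsolete ALLOW-FROM token as offering no protection, and returning the header pair a fix would add. All header sets and host names in it (example-httpd, portal.example, hmi.example) are constructed, not captures from a device.

```python
"""Audit HTTP response headers for clickjacking protection (CWE-1021).

Added example for this advisory, not code from SICK or from the page's
source. The header sets at the bottom are constructed for illustration
and are not captures from a real device.
"""


def _frame_ancestors(csp_value):
    """Return the source list of a CSP frame-ancestors directive, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_framing_protection(headers):
    """Classify a response as 'protected', 'unprotected' or 'review' against framing.

    headers: mapping of header name -> value; names are compared case-insensitively
    and a list value represents a repeated header.
    Returns (verdict, reason).
    """
    norm = {}
    for name, value in headers.items():
        values = list(value) if isinstance(value, (list, tuple)) else [value]
        norm.setdefault(name.lower(), []).extend(values)

    # 1. CSP frame-ancestors is checked first: browsers that support it give it
    #    precedence over X-Frame-Options. Report-Only policies enforce nothing,
    #    so the Content-Security-Policy-Report-Only header is deliberately ignored.
    for csp in norm.get("content-security-policy", []):
        sources = _frame_ancestors(csp)
        if sources is None:
            continue
        if sources == ["'none'"]:
            return "protected", "CSP frame-ancestors 'none' forbids all framing"
        if any(s == "*" or s in ("http:", "https:") for s in sources):
            return "unprotected", "CSP frame-ancestors permits any origin to frame the page"
        return "protected", "CSP frame-ancestors restricts framing to: " + " ".join(sources)

    # 2. Fall back to X-Frame-Options.
    xfo = {v.strip().upper() for v in norm.get("x-frame-options", [])}
    if len(xfo) > 1:
        return "review", "conflicting X-Frame-Options values; send exactly one"
    if xfo:
        value = xfo.pop()
        if value in ("DENY", "SAMEORIGIN"):
            return "protected", "X-Frame-Options " + value
        # ALLOW-FROM is obsolete and unknown tokens are ignored, so framing is allowed.
        return "unprotected", "unsupported X-Frame-Options value %r is ignored by browsers" % value

    # 3. Neither header present: the condition this advisory describes.
    return "unprotected", "no X-Frame-Options or CSP frame-ancestors header (CWE-1021)"


def recommended_headers():
    """Headers a fix would add: CSP for modern browsers, X-Frame-Options for older ones."""
    return {
        "Content-Security-Policy": "frame-ancestors 'none'",
        "X-Frame-Options": "DENY",
    }


# Constructed sample responses (hypothetical names, not real device captures).
SAMPLES = {
    "missing_protection": {"Content-Type": "text/html", "Server": "example-httpd"},
    "xfo_deny": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_wildcard_overrides_xfo": {"Content-Security-Policy": "frame-ancestors *",
                                   "X-Frame-Options": "DENY"},
    "obsolete_allow_from": {"X-Frame-Options": "ALLOW-FROM https://portal.example"},
    "report_only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}


def audit(samples=SAMPLES):
    """Run the check over a set of responses; returns {name: verdict}."""
    return {name: assess_framing_protection(h)[0] for name, h in samples.items()}


if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        verdict, reason = assess_framing_protection(headers)
        print(f"{name:28} {verdict:12} {reason}")
    fixed = dict(SAMPLES["missing_protection"], **recommended_headers())
    print("after fix:", assess_framing_protection(fixed))
```

In practice the headers would come from a `requests` or `urllib` response to the device's management interface during an inventory sweep; the verdict "unprotected" on a page that performs state-changing or data-revealing actions is the finding this advisory describes, and adding `frame-ancestors 'none'` (or a restrictive allow-list of the HMI origins that legitimately embed the page) is the corresponding fix.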

Details

CWE(s)

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Affected Products

sick tdc-x401gl firmware, all versions

CVEs Like This One

CVE-2026-22907 - Same product: Sick Tdc-X401Gl
CVE-2026-22917 - Same product: Sick Tdc-X401Gl
CVE-2026-22910 - Same product: Sick Tdc-X401Gl
CVE-2026-22908 - Same product: Sick Tdc-X401Gl
CVE-2026-22911 - Same product: Sick Tdc-X401Gl
CVE-2026-22909 - Same product: Sick Tdc-X401Gl
CVE-2026-22920 - Same product: Sick Tdc-X401Gl
CVE-2026-22644 - Same vendor: Sick
CVE-2026-22646 - Same vendor: Sick
CVE-2026-1626 - Same vendor: Sick
