CVE-2026-2330
Published: 06 March 2026
Summary
CVE-2026-2330 is a critical-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in Sick (inferred from references). Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 47.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-2330 affects the CROWN REST interface on SICK devices due to incomplete whitelist enforcement, classified under CWE-552. This flaw enables access to restricted filesystem areas, including certain directories intended for internal testing, without requiring authentication. Published on 2026-03-06, the vulnerability carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H), indicating high severity with network accessibility and no privileges needed.
An unauthenticated attacker with network access to the device can exploit the vulnerability by placing a manipulated parameter file into the exposed directories via the REST interface. Upon device reboot, the file activates, allowing the attacker to modify critical settings, including network configuration and application parameters, potentially leading to integrity and availability disruptions.
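The root cause described above is an allowlist that only covers the directories its author thought of, so anything unlisted falls through. The following added example (not SICK's CROWN code; the directory names and the request model are constructed for illustration) contrasts that pattern with a deny-by-default check that canonicalizes the path first and requires an explicit allowlist match for each method and authentication state:

```python
# Constructed model of a device REST file endpoint (hypothetical, not CROWN).
PUBLIC_READ_DIRS = ("/public",)   # readable without authentication
AUTH_WRITE_DIRS = ("/config",)    # writable only after authentication


def canonical(path: str) -> str:
    """Collapse '.', '..', and repeated slashes so that prefix checks below
    operate on the path the filesystem would actually resolve."""
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
        else:
            parts.append(seg)
    return "/" + "/".join(parts)


def under(path: str, dirs) -> bool:
    """True if path equals one of dirs or lies beneath it (on a '/' boundary)."""
    return any(path == d or path.startswith(d + "/") for d in dirs)


def allowed_incomplete(path: str, method: str, authenticated: bool) -> bool:
    """Flawed pattern (CWE-552): only the directories someone remembered to
    list are checked; an unlisted area such as an internal test directory is
    served to anyone, with any method."""
    p = canonical(path)
    if under(p, AUTH_WRITE_DIRS):
        return authenticated
    return True  # implicit allow for everything not on the list


def allowed_deny_by_default(path: str, method: str, authenticated: bool) -> bool:
    """Hardened pattern: a request is served only when it matches an explicit
    (method, location, auth-state) rule; unlisted locations are denied."""
    p = canonical(path)
    if method == "GET" and under(p, PUBLIC_READ_DIRS):
        return True
    if method in ("PUT", "POST") and under(p, AUTH_WRITE_DIRS) and authenticated:
        return True
    return False
```

The constructed path `/internal/test/params.cfg` stands in for the unlisted test directories; the flawed check accepts an unauthenticated write to it, the deny-by-default check rejects it, and it also rejects a `..` traversal that would otherwise slip out of an allowed prefix.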
SICK's advisory SCA-2026-0006, available in JSON and PDF formats, together with the vendor's cybersecurity operating guidelines document, provides details on mitigations. Additional guidance appears in CISA's ICS recommended practices resource.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10024
Vulnerability details
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables exploitation of a public-facing REST interface (T1190) for unauthenticated file placement (T1105), allowing manipulated parameter files to alter critical settings upon reboot (T1565.001).
Mitigating Controls (NIST 800-53 r5)
AC-3 enforces approved authorizations for access to system resources, directly mitigating the incomplete whitelist enforcement that exposed restricted filesystem directories via the unauthenticated REST interface.
AC-14 explicitly identifies and limits permitted actions without identification or authentication, preventing unauthorized access to internal testing directories intended to be restricted.
AC-6 applies least privilege to restrict access to only necessary resources, addressing the exposure of non-essential internal directories through the REST interface.