Privilege escalation in Sick Tdc-x401gl
CVE-2026-22916
An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.
EPSS: 0.003 (25.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Sick Tdc-x401gl
- Sick Tdc-x401gl_firmware
- Sick Ag Tdc-x401gl — versions all versions
Weakness classification (CWE)
References
- psirt@sick.de (x_SICK PSIRT Security Advisories, Vendor Advisory)
- psirt@sick.de (x_SICK Operating Guidelines, Product)
- psirt@sick.de (US Government Resource, x_ICS-CERT recommended practices on Industrial Security)
- psirt@sick.de (x_CVSS v3.1 Calculator, Not Applicable)
- psirt@sick.de (x_The canonical URL., Vendor Advisory)
- psirt@sick.de (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2026-22916?
- CVE-2026-22916 is a medium-severity vulnerability in Sick Tdc-x401gl, classified under Incorrect Privilege Assignment. CVSS score: 4.3/10. Published 2026-01-15.
- How severe is CVE-2026-22916?
- Medium severity. CVSS v3 base score is 4.3 out of 10.