← back
CVE-2026-22646

CVE-2026-22646

CVSS 4.3 MEDIUMEPSS 0.4%CWE-209
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.4%KEV nãoPoC Patch referenciado
Lifecycle
15 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
SICK AG · Incoming Goods Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdfhttps://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.jsonhttps://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf