CVE-2026-22910
In short
The device comes with weak, easily guessable default passwords for hidden administrative accounts. An attacker who knows these commonly published passwords can gain unauthorized access and compromise the system.
Technical detail
The vulnerability exists due to hardcoded default credentials in hidden user privilege levels (CWE-1391: Weak Authentication). An attacker with network access can authenticate using publicly known default passwords, bypassing access controls and gaining elevated privileges to modify system configuration or data integrity.
Summary generated and translated by AI from the official description.
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
SICK AG · TDC-X401GL
References
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf