CVE-2026-22908

CRITICAL

Sick Tdc-x401gl Firmware < 1.4.0 - Incorrect Privilege Assignment

Title source: rule
STIX 2.1

Description

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

References (6)

Scores

CVSS v3 9.1
EPSS 0.0003
EPSS Percentile 8.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-266
Status published
Products (1)
sick/tdc-x401gl_firmware < 1.4.0
Published Jan 15, 2026
Tracked Since Feb 18, 2026