CVE-2026-22918

MEDIUM

SICK TDC-X401GL Firmware - Clickjacking via Missing UI Layer Protection

Title source: llm

Description

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

References (6)

Core 6

Core References

Vendor Advisory x_sick psirt security advisories

https://sick.com/psirt

Product x_sick operating guidelines

https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf

US Government Resource x_ics-cert recommended practices on industrial security

https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

Not Applicable x_cvss v3.1 calculator

https://www.first.org/cvss/calculator/3.1

Vendor Advisory x_the canonical url.

https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json

Vendor Advisory vendor-advisory

https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf

Scores

CVSS v3 4.3

EPSS 0.0029

EPSS Percentile 20.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1021

Status published

Products (1)

sick/tdc-x401gl_firmware

Published Jan 15, 2026

Tracked Since Feb 18, 2026