{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22646", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2026-01-08T09:59:06.199Z", "datePublished": "2026-01-15T13:15:01.194Z", "dateUpdated": "2026-01-15T14:35:40.263Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Incoming Goods Suite", "vendor": "SICK AG", "versions": [{"lessThan": "1.2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.</p>"}], "value": "Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "environmentalScore": 4.3, "environmentalSeverity": "MEDIUM", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "temporalScore": 4.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2026-01-15T13:15:01.194Z"}, "references": [{"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Users are strongly recommended to upgrade to the latest release of Incoming Goods Suite (&gt;= 1.2.1).</p>"}], "value": "Users are strongly recommended to upgrade to the latest release of Incoming Goods Suite (>= 1.2.1)."}], "source": {"advisory": "SCA-2026-0002", "discovery": "INTERNAL"}, "x_generator": {"engine": "csaf2cve 0.2.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-15T14:35:14.803887Z", "id": "CVE-2026-22646", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T14:35:40.263Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22646", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-15T14:35:14.803887Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T14:35:33.792Z"}}], "cna": {"source": {"advisory": "SCA-2026-0002", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "temporalScore": 4.3, "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 4.3, "privilegesRequired": "LOW", "confidentialityImpact": "LOW", "environmentalSeverity": "MEDIUM"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "Incoming Goods Suite", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.1", "versionType": "custom"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Users are strongly recommended to upgrade to the latest release of Incoming Goods Suite (>= 1.2.1).", "supportingMedia": [{"type": "text/html", "value": "<p>Users are strongly recommended to upgrade to the latest release of Incoming Goods Suite (&gt;= 1.2.1).</p>", "base64": false}]}], "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json", "tags": ["x_The canonical URL."]}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "csaf2cve 0.2.1"}, "descriptions": [{"lang": "en", "value": "Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.", "supportingMedia": [{"type": "text/html", "value": "<p>Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2026-01-15T13:15:01.194Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22646", "state": "PUBLISHED", "dateUpdated": "2026-01-15T14:35:40.263Z", "dateReserved": "2026-01-08T09:59:06.199Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2026-01-15T13:15:01.194Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sick:incoming_goods_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6E02E7A-B758-4262-9F62-24229C60F17A", "versionEndExcluding": "1.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities."}], "id": "CVE-2026-22646", "lastModified": "2026-01-29T16:18:21.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@sick.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-15T14:16:28.430", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "tags": ["Not Applicable"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf"}, {"source": "psirt@sick.de", "tags": ["Product"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}

{"created": "2026-01-19T09:20:43.128328+00:00", "updated": "2026-01-19T09:20:43.128355+00:00", "vendors": ["sick_ag", "sick_ag$PRODUCT$incoming_goods_suite"]}