Description
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
Published: 2026-01-15
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential remote credential exposure enabling unauthorized device access
Action: Secure Access
AI Analysis

Impact

Firmware update files may contain password hashes for system accounts. An attacker who obtains an update file can extract those hashes and attack them offline; any hash that cracks yields a valid login for the device. A successful login compromises the device's confidentiality and, depending on the privileges of the exposed account, its integrity and availability as well. The associated weaknesses are CWE-522 (Insufficiently Protected Credentials) and CWE-798 (Use of Hard-coded Credentials), reflecting that credentials shipped inside a firmware image are common to every device that installs it.

Affected Systems

The affected product is the SICK AG TDC-X401GL; the NVD CPE entries cover the hardware and every firmware version (cpe:2.3:o:sick:tdc-x401gl_firmware:*). The exposure lies in the firmware update files themselves, so the hashes can be obtained without access to any particular device, and every device running firmware that still carries the embedded hashes remains exposed.

Risk and Exploitability

With a CVSS 3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) the vulnerability is rated Medium; the vector scores only the low-confidentiality disclosure of the hashes, not the follow-on login. The EPSS score is below 1%, the CVE is not in the CISA KEV catalog, and the SSVC assessment records no known exploitation, "Automatable: no" and a partial technical impact. Exploitation is a two-step chain: the attacker first needs a copy of the firmware update file, from which the hashes can be extracted and cracked offline without touching any device, with success depending on the hash algorithm and the strength of the underlying passwords. The cracked credentials are then only useful against devices the attacker can reach over the network, which is why the vendor's guidance centers on restricting access to the device.
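
The first step of that chain is the check a firmware reviewer wants to run before a release ships: unpack the update file and look for account hashes in it. The script below is an added example, not SICK's or OpenCVE's code. It assumes the update has already been unpacked into a directory (for example with binwalk) and that the hashes live in Unix shadow-style files; the page does not say what format the TDC-X401GL uses, so that layout, the sample shadow text and the rough strength labels are all assumptions of this example.

```python
"""Scan an unpacked firmware update for shipped password hashes.

Added example; this is not SICK's or OpenCVE's code. It assumes the update
file has already been unpacked into a directory tree (for example with
binwalk) and that the hashes sit in Unix shadow-style files. The page does
not say which file format the TDC-X401GL uses, so that layout is an
assumption; the hash-strength labels are this example's own rough ranking.
"""
import os
import re
import sys
from dataclasses import dataclass

# crypt(3) "$id$" prefixes mapped to (algorithm, rough offline-cracking resistance).
_ALGOS = {
    "1": ("md5crypt", "weak"),
    "2a": ("bcrypt", "strong"),
    "2b": ("bcrypt", "strong"),
    "2y": ("bcrypt", "strong"),
    "5": ("sha256crypt", "moderate"),
    "6": ("sha512crypt", "moderate"),
    "y": ("yescrypt", "strong"),
}

# File names in which an image usually carries account hashes (old-style
# passwd files may hold the hash in field 2 instead of "x").
_CREDENTIAL_FILES = {"shadow", "shadow-", "passwd", "passwd-", "master.passwd"}


@dataclass
class Finding:
    path: str
    user: str
    algo: str
    strength: str


def classify_hash(field):
    """Return (algorithm, strength) for a shadow password field, or None when
    the field is empty, locked ("!"/"*") or points to another file ("x")."""
    if field in ("", "x") or field[0] in "!*":
        return None
    m = re.match(r"^\$([^$]+)\$", field)
    if m:
        return _ALGOS.get(m.group(1), ("unknown-" + m.group(1), "unknown"))
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return ("descrypt", "weak")  # traditional DES crypt: 8-char password limit
    return ("unknown", "unknown")


def scan_credential_text(text, path="<inline>"):
    """Parse shadow/passwd-style text and return one Finding per crackable hash."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        result = classify_hash(parts[1])
        if result is not None:
            findings.append(Finding(path, parts[0], result[0], result[1]))
    return findings


def scan_tree(root):
    """Walk an unpacked image and collect findings from every credential file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in _CREDENTIAL_FILES:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_credential_text(fh.read(), path))
            except OSError:
                continue
    return findings


# Constructed sample shadow content (not taken from any real device image).
SAMPLE_SHADOW = """\
root:$6$saltsalt$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJ:19000:0:99999:7:::
service:$1$abcdefgh$ijklmnopqrstuvwxyz012345:19000:0:99999:7:::
legacy:ab01Zx9Q2wErT:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
operator:!:19000:0:99999:7:::
"""

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_tree(target) if target else scan_credential_text(SAMPLE_SHADOW)
    for f in results:
        print(f"{f.path}: account '{f.user}' ships a {f.algo} hash ({f.strength})")
    sys.exit(1 if results else 0)
```

Run it with the unpacked image directory as the single argument, or with no argument to see it classify the constructed sample; the non-zero exit status makes it usable as a release gate. Locked accounts ("!" or "*") are skipped because there is nothing to crack, and the "weak" label on DES and MD5 crypt reflects how cheaply those formats fall to offline guessing.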

Generated by OpenCVE AI on April 18, 2026 at 06:11 UTC.

Remediation

Vendor Workaround

Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources "SICK Operating Guidelines" and "ICS-CERT recommended practices on Industrial Security" could help to implement the general security practices.


OpenCVE Recommended Actions

  • Apply a TDC‑X401GL firmware release that no longer ships the password hashes as soon as SICK provides one; the vendor guidance reproduced above lists only a workaround, so confirm with the vendor rather than assuming the current release is fixed
  • Restrict access to the device to authorized, trusted entities by using network segmentation, firewalls and access controls
  • Follow the SICK Operating Guidelines and the ICS‑CERT recommended practices on Industrial Security to implement general security measures
  • Monitor authentication logs for anomalous attempts, in particular bursts of failed logins and a successful login from a source that was failing shortly before, to detect use of cracked credentials early
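
The last action is the one that can be demonstrated in code. The script below is an added example, not OpenCVE's or SICK's tooling: it assumes the device forwards OpenSSH-style "Failed password" / "Accepted password" messages over syslog (the page does not give the TDC-X401GL's real log format), parses them, and raises two kinds of alert, a burst of failures from one source and a success that follows failures from the same source inside the window, which is the pattern an attacker trying cracked hashes would leave. The sample log lines are constructed.

```python
"""Flag suspicious authentication sequences in device logs.

Added example; this is not OpenCVE's or SICK's tooling. It assumes the
device forwards OpenSSH-style "Failed password" / "Accepted password"
messages over syslog; the page does not give the TDC-X401GL's real log
format, so the line layout and the sample lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ \S+: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_auth_line(line, year=2026):
    """Return (timestamp, success, user, source_ip) or None for non-auth lines.
    Syslog lines carry no year, so one is supplied by the caller."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"] == "Accepted", m["user"], m["src"]


def detect(lines, fail_threshold=5, window=timedelta(minutes=2)):
    """Return alerts as (kind, source_ip, user, timestamp) tuples.

    brute_force: fail_threshold or more failures from one source inside the
        window (reported once per source).
    success_after_failures: a successful login from a source that failed
        inside the window, the pattern a cracked hash being tried would show.
    """
    alerts = []
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    reported = set()
    for line in lines:
        rec = parse_auth_line(line)
        if rec is None:
            continue
        ts, success, user, src = rec
        q = failures[src]
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if success:
            if q:
                alerts.append(("success_after_failures", src, user, ts))
            q.clear()
            continue
        q.append(ts)
        if len(q) >= fail_threshold and src not in reported:
            reported.add(src)
            alerts.append(("brute_force", src, user, ts))
    return alerts


# Constructed sample log (no real device, addresses or sessions).
SAMPLE_LOG = [
    "Jan 20 10:00:00 tdc sshd[1201]: Failed password for root from 10.0.0.5 port 51001 ssh2",
    "Jan 20 10:00:10 tdc sshd[1202]: Failed password for root from 10.0.0.5 port 51002 ssh2",
    "Jan 20 10:00:20 tdc sshd[1203]: Failed password for root from 10.0.0.5 port 51003 ssh2",
    "Jan 20 10:00:25 tdc sshd[1204]: Accepted password for admin from 10.0.0.7 port 40010 ssh2",
    "Jan 20 10:00:30 tdc sshd[1205]: Failed password for root from 10.0.0.5 port 51004 ssh2",
    "Jan 20 10:00:40 tdc sshd[1206]: Failed password for root from 10.0.0.5 port 51005 ssh2",
    "Jan 20 10:00:45 tdc sshd[1207]: Failed password for invalid user test from 10.0.0.9 port 33001 ssh2",
    "Jan 20 10:00:50 tdc sshd[1208]: Failed password for root from 10.0.0.5 port 51006 ssh2",
    "Jan 20 10:01:10 tdc sshd[1209]: Accepted password for root from 10.0.0.5 port 51007 ssh2",
    "Jan 20 10:05:00 tdc sshd[1210]: pam_unix(sshd:session): session opened for user root",
]

if __name__ == "__main__":
    for kind, src, user, ts in detect(SAMPLE_LOG):
        print(f"{ts:%b %d %H:%M:%S} {kind}: source {src}, account '{user}'")
```

On the sample the detector reports the fifth failure from 10.0.0.5 as a brute-force burst and then the root login from the same address as a success after failures; the admin login from 10.0.0.7 and the single failure from 10.0.0.9 stay quiet. Tune the threshold and window to the device's normal traffic, and treat the second alert kind as the higher-priority one, since a working login after guessing is exactly what a cracked shipped hash looks like from the defender's side.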

Generated by OpenCVE AI on April 18, 2026 at 06:11 UTC.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 06:30:00 +0000

Title (added): Firmware Update Files Exposing Password Hashes Allow Credential Compromise

Fri, 23 Jan 2026 15:45:00 +0000

First Time appeared (added): Sick; Sick tdc-x401gl; Sick tdc-x401gl Firmware
Weaknesses (added): CWE-522
CPEs (added): cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:*; cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:*
Vendors & Products (added): Sick; Sick tdc-x401gl; Sick tdc-x401gl Firmware

Fri, 16 Jan 2026 14:15:00 +0000

First Time appeared (added): Sick Ag; Sick Ag tdc-x401gl
Vendors & Products (added): Sick Ag; Sick Ag tdc-x401gl

Thu, 15 Jan 2026 15:15:00 +0000

Metrics (added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 15 Jan 2026 13:15:00 +0000

Description (added): Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
Weaknesses (added): CWE-798
References
Metrics (added): cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: SICK AG

Published:

Updated: 2026-01-15T14:39:02.055Z

Reserved: 2026-01-13T09:11:11.448Z

Link: CVE-2026-22911

Vulnrichment

Updated: 2026-01-15T14:38:57.485Z

NVD

Status : Analyzed

Published: 2026-01-15T13:16:05.813

Modified: 2026-01-23T15:35:59.573

Link: CVE-2026-22911

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:15:15Z

Weaknesses