CVE-2026-22917 - Vulnerability Details

- Improper Input Handling Leading to Resource Exhaustion in SICK TDC-X401GL

Description

Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.

Published: 2026-01-15

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability involves improper input handling in a system endpoint, which can cause resource exhaustion. An attacker could send crafted input to overload system resources, resulting in service disruption. This is classified as a CWE‑770 weakness that compromises availability.

Affected Systems

The affected product is the SICK AG TDC‑X401GL hardware series. The issue applies to all currently shipped firmware versions prior to the latest release. Users are advised to upgrade to firmware version 1.5.0 or later to eliminate the flaw.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate risk. The EPSS score of less than 1% suggests that exploitation is unlikely at this time, and the vulnerability is not listed in the CISA KEV catalog. It is inferred that attackers would need some form of network access to the vulnerable endpoint, though the exact scope (local or remote) is not specified in the description. The lack of high exploitation probability reduces urgency, but the denial‑of‑service impact could impede essential operations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SICK AG

TDC-X401GL

affected

Version	Status	Constraints
`0`	affected	< 1.5.0

Configuration 1 [-]

AND

cpe:2.3:o:sick:tdc-x401gl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sick:tdc-x401gl:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Sick Ag	Tdc-x401gl	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Users are strongly recommended to upgrade to the latest release of TDC-X401GL (>= 1.5.0).

OpenCVE Recommended Actions

Upgrade to TDC‑X401GL firmware version 1.5.0 or later.
Restrict network access to the system endpoint handling input to trusted devices only.
Implement monitoring and alerting for abnormal resource consumption patterns.

Generated by OpenCVE AI on April 18, 2026 at 16:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00063.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf

History

Sat, 18 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
Title		Improper Input Handling Leading to Resource Exhaustion in SICK TDC-X401GL

Fri, 23 Jan 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sick Sick tdc-x401gl Sick tdc-x401gl Firmware
CPEs		cpe:2.3:h:sick:tdc-x401gl:-:::::::* cpe:2.3:o:sick:tdc-x401gl_firmware::::::::
Vendors & Products		Sick Sick tdc-x401gl Sick tdc-x401gl Firmware

Fri, 16 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sick Ag Sick Ag tdc-x401gl
Vendors & Products		Sick Ag Sick Ag tdc-x401gl

Thu, 15 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 15 Jan 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.
Weaknesses		CWE-770
References		https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}`

Subscriptions

Sick Tdc-x401gl Tdc-x401gl Firmware

Sick Ag Tdc-x401gl

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published: 2026-01-15T13:07:41.205Z

Updated: 2026-01-15T14:38:02.024Z

Reserved: 2026-01-13T09:11:12.759Z

Link: CVE-2026-22917

Vulnrichment

Updated: 2026-01-15T14:37:58.915Z

NVD

Status : Analyzed

Published: 2026-01-15T13:16:06.660

Modified: 2026-01-23T14:59:11.110

Link: CVE-2026-22917

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:15:04Z

Weaknesses

CWE-770

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object