CVE-2026-22912: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in SICK AG TDC-X401GL
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risks, including stealing credentials from unsuspecting users.
AI Analysis
Technical Summary
CVE-2026-22912 is classified as a CWE-601 open redirect vulnerability found in the SICK AG TDC-X401GL device. The root cause is improper validation of a login parameter that controls URL redirection after user authentication. When a user logs in, the application accepts a redirect URL parameter without sufficient validation, allowing an attacker to craft a URL that redirects the user to an arbitrary external site after successful login. This can be exploited to conduct phishing attacks by redirecting users to malicious websites designed to steal credentials or deliver malware. The vulnerability does not require any privileges or authentication to initiate the attack, but user interaction is necessary since the victim must log in and follow the manipulated redirect. The CVSS 3.1 score of 4.3 reflects that the attack vector is network-based with low attack complexity and no privileges required, but user interaction is necessary. Confidentiality impact is low as the vulnerability itself does not disclose information but can facilitate credential theft indirectly. Integrity and availability impacts are none. No patches or known exploits are currently reported, indicating this is a newly disclosed vulnerability. The affected product, TDC-X401GL, is used in industrial automation and logistics environments, where secure authentication and session management are critical. The vulnerability highlights the importance of validating redirect parameters to prevent open redirect attacks that can undermine user trust and security.
Potential Impact
For European organizations, especially those in industrial automation, manufacturing, and logistics sectors using SICK AG TDC-X401GL devices, this vulnerability poses a risk of phishing and credential theft. Attackers can exploit the open redirect to lure authenticated users to malicious sites, potentially capturing login credentials or deploying further attacks such as malware infections or session hijacking. Although the vulnerability does not directly compromise device integrity or availability, stolen credentials could be leveraged to gain unauthorized access to sensitive systems or networks, leading to broader security incidents. This risk is heightened in critical infrastructure sectors where SICK AG products are commonly deployed. The medium severity rating indicates a moderate risk, but the potential for lateral movement and escalation after credential compromise could amplify the impact. Organizations may face operational disruptions, data breaches, and reputational damage if attackers successfully exploit this vulnerability.
Mitigation Recommendations
1. Implement strict validation and sanitization of all URL redirect parameters on the TDC-X401GL device to ensure only trusted internal URLs are accepted.
2. Employ an allowlist approach for redirect URLs, rejecting any redirect requests to external or untrusted domains.
3. If possible, disable URL redirection after login or require explicit user confirmation before redirecting.
4. Educate users about the risks of phishing and instruct them to verify URLs before following redirects, especially after authentication.
5. Monitor network traffic and logs for suspicious redirect attempts or unusual login patterns that may indicate exploitation attempts.
6. Coordinate with SICK AG for firmware updates or patches addressing this vulnerability and apply them promptly once available.
7. Use multi-factor authentication (MFA) to reduce the risk of credential compromise even if phishing occurs.
8. Conduct regular security assessments of web interfaces and authentication flows to detect similar vulnerabilities early.
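The Technical Summary above describes the flaw (a post-login redirect parameter accepted without validation) and mitigations 1, 2 and 5 describe the fix (allowlist the target, log and review rejected attempts). The following is an added example, not SICK AG's code and not a description of how the TDC-X401GL web interface is built: it shows the unchecked redirect beside an allowlist-based validator that also rejects the usual bypass shapes (protocol-relative `//host`, backslash variants, non-https schemes, credentials in the authority), and runs the same validator over constructed access-log lines to flag off-site redirect attempts. The parameter name `redirect`, the host `device.local`, the landing page `/dashboard` and all log lines are assumptions made for the example.

```python
"""Added example: post-login redirect validation with an allowlist.

Not SICK AG code; the parameter name, hosts, paths and log lines below are
constructed for illustration only.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

DEFAULT_LANDING = "/dashboard"          # assumed safe landing page
ALLOWED_HOSTS = frozenset({"device.local"})  # assumed hostname(s) of this device


def vulnerable_post_login_redirect(redirect_param: str) -> str:
    """The CWE-601 pattern: whatever the client supplied becomes the Location."""
    return redirect_param


def is_safe_redirect(target: str, allowed_hosts: frozenset[str]) -> bool:
    """True only if `target` stays on this application.

    Accepted: an absolute path on this origin ('/x'), or an https URL whose
    hostname is allowlisted. Rejected: empty values, backslashes (browsers
    treat '/\\host' like '//host'), scheme-less authorities ('//host'),
    any scheme other than https, and credentials in the authority part.
    """
    if not target or "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme:
        if parts.scheme.lower() != "https":
            return False
        if parts.username or parts.password:
            return False
        return (parts.hostname or "").lower() in allowed_hosts
    if parts.netloc:
        # '//phish.example' has an authority but no scheme: off-site.
        return False
    # Relative reference: require exactly one leading slash.
    return target.startswith("/") and not target.startswith("//")


def resolve_post_login_redirect(redirect_param: str,
                                allowed_hosts: frozenset[str],
                                default: str = DEFAULT_LANDING) -> str:
    """Hardened form: fall back to a fixed landing page on any doubt."""
    return redirect_param if is_safe_redirect(redirect_param, allowed_hosts) else default


# Constructed Common Log Format lines (no real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jan/2026:13:18:28 +0000] "GET /login?redirect=/dashboard HTTP/1.1" 200',
    '10.0.0.7 - - [15/Jan/2026:13:19:02 +0000] "GET /login?redirect=https://phish.example/ HTTP/1.1" 200',
    '10.0.0.9 - - [15/Jan/2026:13:19:40 +0000] "GET /login?redirect=//phish.example HTTP/1.1" 200',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"'
)


def find_offsite_redirects(log_lines: list[str],
                           allowed_hosts: frozenset[str],
                           param: str = "redirect") -> list[tuple[str, str]]:
    """Detection helper for mitigation 5: (client_ip, rejected_target) pairs."""
    hits: list[tuple[str, str]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            if not is_safe_redirect(value, allowed_hosts):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for candidate in ["/dashboard", "//phish.example", "https://phish.example/"]:
        print(f"{candidate!r:30} vulnerable -> {vulnerable_post_login_redirect(candidate)!r:30} "
              f"hardened -> {resolve_post_login_redirect(candidate, ALLOWED_HOSTS)!r}")
    for ip, target in find_offsite_redirects(SAMPLE_LOG, ALLOWED_HOSTS):
        print(f"off-site redirect attempt from {ip}: {target!r}")
```

The validator is deliberately strict: relative paths are accepted, absolute URLs only when they are https and the hostname matches the allowlist exactly, and anything ambiguous falls back to the fixed landing page. Allowing only relative paths (dropping the https branch entirely) is simpler still and is often the right choice for an embedded device with a single web interface.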
Affected Countries
Germany, France, Italy, Netherlands, Belgium, Poland, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: SICK AG
- Date Reserved: 2026-01-13T09:11:11.448Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6968e9244c611209ad0e7166
Added to database: 1/15/2026, 1:18:28 PM
Last enriched: 1/15/2026, 1:35:58 PM
Last updated: 1/15/2026, 7:52:56 PM