CVE-2026-22915 is a vulnerability identified in all versions of the SICK AG TDC-X401GL device, a product commonly used in industrial automation and manufacturing environments. The vulnerability is classified under CWE-497, which pertains to the exposure of sensitive system information to an unauthorized control sphere. Specifically, an attacker with low privileges on the device can read files from certain directories that should be restricted, potentially gaining access to sensitive configuration or operational data. The vulnerability is remotely exploitable over the network (Attack Vector: Network) and requires low attack complexity with no user interaction needed. The CVSS v3.1 base score is 4.3, indicating a medium severity level. The impact is limited to confidentiality, with no direct impact on integrity or availability. There are currently no known exploits in the wild, and no patches have been released by SICK AG at the time of publication. The exposure of sensitive information could facilitate further attacks or reconnaissance by adversaries targeting industrial control systems. The vulnerability affects all versions of the TDC-X401GL, suggesting a systemic issue in access control or file permission configurations within the device's firmware or software stack.

For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors that deploy SICK AG TDC-X401GL devices, this vulnerability poses a risk of unauthorized disclosure of sensitive system information. Exposure of configuration files or operational data could enable attackers to better understand the device environment, potentially aiding in subsequent targeted attacks or lateral movement within industrial networks. While the vulnerability does not directly compromise system integrity or availability, the confidentiality breach could lead to intellectual property theft or operational intelligence leaks. Given the strategic importance of industrial automation in Europe’s manufacturing hubs, such as Germany’s automotive sector or Italy’s machinery industry, the impact could be significant if exploited in conjunction with other vulnerabilities. The lack of patches and known exploits means organizations must proactively manage risk through compensating controls. The vulnerability also raises concerns about supply chain security and the resilience of industrial control systems against low-privilege insider threats or external attackers gaining limited access.

1. Implement strict network segmentation to isolate TDC-X401GL devices from general enterprise networks and limit access to trusted management systems only. 2. Enforce robust access control policies on the devices, ensuring that low-privilege accounts cannot access sensitive directories or files. 3. Monitor device logs and network traffic for unusual file access patterns or unauthorized read attempts, using industrial intrusion detection systems where available. 4. Restrict remote access to the devices through VPNs or secure management channels with multi-factor authentication. 5. Engage with SICK AG support channels to obtain updates on patches or firmware upgrades addressing this vulnerability and plan timely deployment once available. 6. Conduct regular security audits and penetration tests focusing on industrial control systems to identify similar information exposure issues. 7. Educate operational technology (OT) personnel about the risks of information disclosure and the importance of maintaining strict privilege separation. 8. Consider deploying host-based controls or endpoint detection on management workstations interfacing with the TDC-X401GL to detect anomalous activities.