CVE-2026-22919: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in SICK AG TDC-X401GL
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.
AI Analysis
Technical Summary
CVE-2026-22919 identifies a cross-site scripting (XSS) vulnerability classified under CWE-79 in the SICK AG TDC-X401GL product. The vulnerability arises from improper neutralization of input during web page generation, specifically on the device's login page. An attacker who already has administrative access to the device's web interface can inject malicious scripts into the login page content. This injected code can execute in the context of users accessing the login page, potentially allowing the attacker to steal sensitive information such as session tokens or credentials, or perform actions on behalf of legitimate users. The CVSS 3.1 base score is 3.8, reflecting low severity due to the requirement of administrative privileges (PR:H), no user interaction (UI:N), and limited impact on confidentiality and integrity (C:L/I:L) without affecting availability (A:N). The vulnerability does not have any publicly known exploits at this time. The affected product is an industrial automation device used in various sectors, and the vulnerability could be leveraged in targeted attacks where administrative credentials are compromised or insider threats exist. Since the vulnerability is in the login page, it could facilitate further compromise or lateral movement within an organization's network if exploited.
Potential Impact
For European organizations, the impact of this vulnerability is primarily on the confidentiality and integrity of data handled by the TDC-X401GL device. Although the vulnerability requires administrative access, if an attacker gains such access—through credential theft, insider threat, or other means—they could inject malicious scripts that compromise user sessions or extract sensitive information. This could lead to unauthorized control or data leakage within industrial control systems, potentially disrupting operational technology environments. While availability is not directly affected, the indirect consequences of data compromise could lead to operational disruptions or loss of trust. European industries relying on SICK AG devices, especially in manufacturing, logistics, and automation, could face targeted attacks exploiting this vulnerability to gain deeper access or exfiltrate data. The low CVSS score suggests limited immediate risk, but the specialized nature of the device and its role in critical infrastructure elevate the importance of addressing this issue.
Mitigation Recommendations
To mitigate CVE-2026-22919, organizations should implement strict administrative access controls, ensuring that only trusted personnel have administrative privileges on the TDC-X401GL device. Employ network segmentation to isolate the device from broader enterprise networks, reducing exposure. Monitor administrative activity logs for unusual or unauthorized changes to the login page or web interface content. Since no patch is currently available, consider deploying web application firewalls (WAFs) or reverse proxies that can detect and block malicious script injections. Enforce strong authentication mechanisms, such as multi-factor authentication, for administrative access to reduce the risk of credential compromise. Regularly audit device configurations and perform security assessments to detect potential misuse. Once a vendor patch or update is released, prioritize its deployment. Additionally, educate administrators about the risks of XSS and the importance of secure input handling.
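The following is an added illustration, not SICK AG's code, of the CWE-79 pattern described above: admin-supplied login-page text rendered unescaped versus HTML-encoded at page generation, plus the defender-side checks the mitigation section calls for (flagging active content in a login page snapshot and detecting drift from a known-good baseline). The template, banner text and page fragments are all constructed.

```python
"""Added example (hypothetical, not from the TDC-X401GL firmware): the
CWE-79 rendering defect, its output-encoding fix, and a defender check
for unexpected active content or drift in a login page snapshot."""
import hashlib
import html
import re

# Constructed login-page template; {banner} stands in for an
# administrator-configurable text field shown on the login page.
LOGIN_TEMPLATE = (
    "<html><body><h1>Device login</h1>"
    "<p class='banner'>{banner}</p>"
    "<form method='post'><input name='user'>"
    "<input name='pw' type='password'></form>"
    "</body></html>"
)


def render_login_unsafe(banner: str) -> str:
    """Vulnerable pattern: untrusted text is placed into HTML unchanged."""
    return LOGIN_TEMPLATE.format(banner=banner)


def render_login_safe(banner: str) -> str:
    """Fixed pattern: HTML-encode the text during page generation."""
    return LOGIN_TEMPLATE.format(banner=html.escape(banner, quote=True))


# Markers of active content that a static login page should never carry.
ACTIVE_CONTENT = re.compile(
    r"<\s*script\b|\bon[a-z]+\s*=|javascript:|<\s*iframe\b", re.IGNORECASE
)


def find_active_content(page: str) -> list[str]:
    """Return the suspicious fragments found in a page snapshot."""
    return [m.group(0) for m in ACTIVE_CONTENT.finditer(page)]


def baseline_digest(page: str) -> str:
    """Record a known-good login page as a SHA-256 hex digest."""
    return hashlib.sha256(page.encode("utf-8")).hexdigest()


def login_page_changed(baseline: str, current_page: str) -> bool:
    """Integrity check: True when the served page no longer matches the baseline."""
    return baseline_digest(current_page) != baseline
```

Run the monitoring functions against periodic fetches of the device's login page from a trusted host; a non-empty `find_active_content` result or a `login_page_changed` hit is a signal to review recent administrative changes.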
Affected Countries
Germany, France, Italy, Netherlands, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: SICK AG
- Date Reserved: 2026-01-13T09:11:12.759Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6968e9254c611209ad0e71a8
Added to database: 1/15/2026, 1:18:29 PM
Last enriched: 1/15/2026, 1:34:10 PM
Last updated: 1/15/2026, 4:19:18 PM