CVE-2026-22920 identifies a security weakness in the SICK AG TDC-X401GL device related to the use of weak credentials stemming from insufficient password salting. Salting is a cryptographic technique used to add randomness to passwords before hashing, which protects against precomputed hash attacks such as rainbow tables. The lack of adequate salting means that attackers who can obtain hashed passwords from the device could more easily perform offline brute-force or dictionary attacks to recover the original passwords. This vulnerability affects all versions of the TDC-X401GL product line. The CVSS v3.1 score of 3.7 reflects a low severity, primarily because exploitation requires network access, has high complexity, and does not directly impact integrity or availability. No privileges or user interaction are required, but the attack vector is network-based with high complexity, limiting ease of exploitation. Currently, there are no known exploits in the wild. The vulnerability falls under CWE-1391, which concerns the use of weak credentials due to poor password storage practices. The device is typically used in industrial environments for automation and sensing, making it a potential target for attackers aiming to gain footholds in operational technology (OT) networks. The absence of vendor patches at the time of publication necessitates interim mitigations to reduce risk.

For European organizations, particularly those in manufacturing, industrial automation, and critical infrastructure sectors that deploy SICK AG TDC-X401GL devices, this vulnerability poses a risk to credential confidentiality. Compromise of device passwords could allow attackers to gain unauthorized access to the device, potentially enabling reconnaissance or lateral movement within OT networks. While the vulnerability does not directly affect device integrity or availability, stolen credentials could be leveraged in multi-stage attacks targeting operational processes. This is especially concerning in environments where these devices interface with critical control systems. The relatively low CVSS score indicates limited immediate risk, but the potential for credential theft could facilitate more impactful attacks if combined with other vulnerabilities or misconfigurations. European organizations with less mature OT security practices may face higher risks. Additionally, regulatory compliance frameworks such as NIS2 may require addressing such vulnerabilities to maintain operational security standards.

To mitigate this vulnerability, organizations should: 1) Monitor vendor communications closely and apply any patches or firmware updates provided by SICK AG as soon as they become available. 2) Implement network segmentation to isolate TDC-X401GL devices from broader enterprise networks, limiting attacker access to these devices. 3) Employ strong network access controls and restrict management interfaces to trusted hosts only. 4) Use network monitoring and anomaly detection tools to identify unusual access patterns or brute-force attempts targeting these devices. 5) Where possible, replace or upgrade devices with improved credential storage mechanisms. 6) Enforce strong password policies and consider changing default or weak passwords on affected devices. 7) Conduct regular security audits of OT environments to identify and remediate weak credential storage and other vulnerabilities. 8) Train OT personnel on the risks associated with credential management and encourage prompt reporting of suspicious activity. These steps go beyond generic advice by focusing on OT-specific controls and proactive monitoring tailored to the affected product and environment.