Sick Tdc-x401gl Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sick Tdc-x401gl Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2026-22907 — CVSS 9.9 (critical): An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
CVE-2026-22908 — CVSS 9.1 (critical): Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity…
CVE-2026-22909 — CVSS 7.5 (high): Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications…
CVE-2026-22910 — CVSS 7.5 (high): The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized…
CVE-2026-22911 — CVSS 5.3 (medium): Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain…
CVE-2026-22912 — CVSS 4.3 (medium): Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to…
CVE-2026-22913 — CVSS 4.3 (medium): Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction…
CVE-2026-22914 — CVSS 4.3 (medium): An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system…
CVE-2026-22915 — CVSS 4.3 (medium): An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive…
CVE-2026-22916 — CVSS 4.3 (medium): An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper…
CVE-2026-22917 — CVSS 4.3 (medium): Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.
CVE-2026-22918 — CVSS 4.3 (medium): An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously…
CVE-2026-22919 — CVSS 3.8 (low): An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS)…