Vulnerability Description
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Incoming Goods Suite | < 1.2.1 |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdfVendor Advisory
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidProduct
FAQ
What is CVE-2026-22645?
CVE-2026-22645 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.
How severe is CVE-2026-22645?
CVE-2026-22645 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-22645?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Incoming Goods Suite.