Vulnerability Description
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Incoming Goods Suite | < 1.2.1 |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdfVendor Advisory
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidProduct
FAQ
What is CVE-2026-22646?
CVE-2026-22646 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths...
How severe is CVE-2026-22646?
CVE-2026-22646 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-22646?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Incoming Goods Suite.