CVE-2026-22644

Опубликовано: 15 янв. 2026

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

Ссылки

https://sick.com/psirt
Vendor Advisory
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
US Government Resource
https://www.first.org/cvss/calculator/3.1
Not Applicable
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json
Vendor Advisory
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf
Vendor Advisory
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sick:incoming_goods_suite:*:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00078

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-598

Связанные уязвимости

GHSA-x9mj-9378-r98g

CVSS3: 5.3

github

24 дня назад

EPSS

Процентиль: 23%

0.00078

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-598