CVE-2026-22644_CVE-2026-22644

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

Basic Information

ID CVE-2026-22644

Source SICK AG

Published Jan 15, 2026 at 13:14

Affected Product

Vendor SICK AG

Product Incoming Goods Suite

Version all versions

Affected Versions SICK AG Incoming Goods Suite all versions

CWE Classification

CWE-598

References

{
    "lastseen": "",
    "description": "Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.",
    "published": "2026-01-15T13:14:13.694Z",
    "modified": "2026-01-15T13:14:13.694Z",
    "type": "cve",
    "title": "CVE-2026-22644",
    "source": "SICK AG",
    "references": "https://sick.com/psirt\nhttps://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf\nhttps://www.cisa.gov/resources-tools/resources/ics-recommended-practices\nhttps://www.first.org/cvss/calculator/3.1\nhttps://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json\nhttps://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf",
    "id": "CVE-2026-22644",
    "bulletinFamily": "",
    "cwe": [
        "CWE-598"
    ],
    "cvelist": null,
    "sourceData": "SICK AG Incoming Goods Suite all versions",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Incoming Goods Suite",
    "version": "all versions",
    "vendor": "SICK AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}