6.8
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Description
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.
Basic Information
ID
CVE-2026-22637
Source
SICK AG
Published
Jan 15, 2026 at 13:10
Modified
Jan 15, 2026 at 13:27
Affected Product
Vendor
SICK AG
Product
Incoming Goods Suite
Affected Versions
SICK AG Incoming Goods Suite 0
CWE Classification
References
- sick.com /psirt
- www.sick.com /media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
- www.cisa.gov /resources-tools/resources/ics-recommended-practices
- www.first.org /cvss/calculator/3.1
- www.sick.com /.well-known/csaf/white/2026/sca-2026-0002.json
- www.sick.com /.well-known/csaf/white/2026/sca-2026-0002.pdf