CVE-2026-2331 (GCVE-0-2026-2331)

Vulnerability from cvelistv5 – Published: 2026-03-06 07:56 – Updated: 2026-03-09 21:04
VLAI
Title
CVE-2026-2331
Summary
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
URL Tags
https://www.sick.com/psirt x_SICK PSIRT Security Advisories
https://www.sick.com/media/docs/9/19/719/special_… x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ic… x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1 x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2026/… x_The canonical URL.
https://www.sick.com/.well-known/csaf/white/2026/… vendor-advisory
Impacted products
Vendor Product Version
SICK AG SICK Lector85x Affected: 2.6.0 , ≤ 2.7.0 (custom)
Create a notification for this product.
SICK AG SICK Lector83x Affected: 2.6.0 , ≤ 2.7.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T20:55:24.319999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T21:04:31.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SICK Lector85x",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThanOrEqual": "2.7.0",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SICK Lector83x",
          "vendor": "SICK AG",
          "versions": [
            {
              "lessThanOrEqual": "2.7.0",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.\u003c/p\u003e"
            }
          ],
          "value": "An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T07:56:35.445Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Security Advisories"
          ],
          "url": "https://www.sick.com/psirt"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
        },
        {
          "tags": [
            "x_ICS-CERT recommended practices on Industrial Security"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "x_The canonical URL."
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e"
            }
          ],
          "value": "Users are strongly recommended to upgrade to release version 2.8.0."
        }
      ],
      "source": {
        "advisory": "SCA-2026-0006",
        "discovery": "INTERNAL"
      },
      "title": "CVE-2026-2331",
      "x_generator": {
        "engine": "csaf2cve 0.2.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2026-2331",
    "datePublished": "2026-03-06T07:56:35.445Z",
    "dateReserved": "2026-02-11T09:33:16.256Z",
    "dateUpdated": "2026-03-09T21:04:31.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-2331",
      "date": "2026-07-02",
      "epss": "0.00886",
      "percentile": "0.54819"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-2331\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2026-03-06T08:16:27.450\",\"lastModified\":\"2026-06-17T10:30:48.040\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.\"},{\"lang\":\"es\",\"value\":\"Un atacante puede realizar operaciones de lectura y escritura no autenticadas en \u00e1reas sensibles del sistema de archivos a trav\u00e9s del acceso a archivos de AppEngine sobre HTTP debido a restricciones de acceso inadecuadas. Un directorio cr\u00edtico del sistema de archivos fue expuesto involuntariamente a trav\u00e9s de la funci\u00f3n de acceso a archivos basada en HTTP, permitiendo el acceso sin autenticaci\u00f3n. Esto incluye archivos de par\u00e1metros del dispositivo, permitiendo a un atacante leer y modificar la configuraci\u00f3n de la aplicaci\u00f3n, incluyendo contrase\u00f1as definidas por el cliente. Adem\u00e1s, la exposici\u00f3n del directorio de la aplicaci\u00f3n personalizada puede permitir la ejecuci\u00f3n de c\u00f3digo Lua arbitrario dentro del entorno aislado de AppEngine.\"}],\"affected\":[{\"source\":\"psirt@sick.de\",\"affectedData\":[{\"vendor\":\"SICK AG\",\"product\":\"SICK Lector85x\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"2.6.0\",\"lessThanOrEqual\":\"2.7.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"SICK AG\",\"product\":\"SICK Lector83x\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"2.6.0\",\"lessThanOrEqual\":\"2.7.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-09T20:55:24.319999Z\",\"id\":\"CVE-2026-2331\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.first.org/cvss/calculator/3.1\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf\",\"source\":\"psirt@sick.de\"},{\"url\":\"https://www.sick.com/psirt\",\"source\":\"psirt@sick.de\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-09T20:55:24.319999Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-09T20:58:04.190Z\"}}], \"cna\": {\"title\": \"CVE-2026-2331\", \"source\": {\"advisory\": \"SCA-2026-0006\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"temporalScore\": 9.8, \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"temporalSeverity\": \"CRITICAL\", \"availabilityImpact\": \"HIGH\", \"environmentalScore\": 9.8, \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\", \"environmentalSeverity\": \"CRITICAL\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SICK AG\", \"product\": \"SICK Lector85x\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.7.0\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"SICK AG\", \"product\": \"SICK Lector83x\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.7.0\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Users are strongly recommended to upgrade to release version 2.8.0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.sick.com/psirt\", \"tags\": [\"x_SICK PSIRT Security Advisories\"]}, {\"url\": \"https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf\", \"tags\": [\"x_SICK Operating Guidelines\"]}, {\"url\": \"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\", \"tags\": [\"x_ICS-CERT recommended practices on Industrial Security\"]}, {\"url\": \"https://www.first.org/cvss/calculator/3.1\", \"tags\": [\"x_CVSS v3.1 Calculator\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json\", \"tags\": [\"x_The canonical URL.\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"csaf2cve 0.2.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAn attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552 Files or Directories Accessible to External Parties\"}]}], \"providerMetadata\": {\"orgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"shortName\": \"SICK AG\", \"dateUpdated\": \"2026-03-06T07:56:35.445Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-2331\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-09T21:04:31.505Z\", \"dateReserved\": \"2026-02-11T09:33:16.256Z\", \"assignerOrgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"datePublished\": \"2026-03-06T07:56:35.445Z\", \"assignerShortName\": \"SICK AG\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…