CVE-2026-2330 CRITICAL

CVE-2026-2330: CVE-2026-2330

Vendor Sick Ag

Product SICK Lector85x

Weakness CWE-552 · Files accessible externally

Published March 6, 2026

Last update March 9, 2026

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.

Key dates

02Disclosure timeline

March 6, 2026 CVE published

March 9, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-2330 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/552.html

Related vulnerabilities

Identifiers

CVE CVE-2026-2330

CWE CWE-552

CVSS 9.4 / CRITICAL

Affected versions

Vendor Sick Ag

Product SICK Lector85x

Affected < 2.8.0

Vendor Sick Ag

Product SICK Lector83x

Affected < 2.8.0

CVE-2026-2330: CVE-2026-2330

01Description

02Disclosure timeline

03References

04Related CVE