Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026
CVE-2026-2330
CVE-2026-2330
Description
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SICK AG/SICK Lector83xv5Range: 0
- SICK AG/SICK Lector85xv5Range: 0
Patches
Vulnerability mechanics
References
6- www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdfmitrevendor-advisory
- www.cisa.gov/resources-tools/resources/ics-recommended-practicesmitrex_ICS-CERT recommended practices on Industrial Security
- www.first.org/cvss/calculator/3.1mitrex_CVSS v3.1 Calculator
- www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.jsonmitrex_The canonical URL.
- www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdfmitrex_SICK Operating Guidelines
- www.sick.com/psirtmitrex_SICK PSIRT Security Advisories
News mentions
0No linked articles in our index yet.