Description

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.

INFO

Published Date :

2026-03-06T07:56:35.445Z

Last Modified :

2026-03-09T21:04:31.505Z

Source :

SICK AG
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2331 vulnerability.

Vendors Products
Sick Ag
  • Sick Lector83x
  • Sick Lector85x
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2331.

URL Resource
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices cve-icon cve-icon
https://www.first.org/cvss/calculator/3.1 cve-icon cve-icon
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json cve-icon cve-icon
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf cve-icon cve-icon
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf cve-icon cve-icon
https://www.sick.com/psirt cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact