CVE-2026-22908
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | tdc-x401gl | to 1.4.0 (exc) |
| sick_ag | meac300 | * |
| sick_ag | lector8xx | * |
| sick_ag | inspectorp8xx | * |
| sick_ag | dl100-2xxxxxxx | * |
| sick_ag | flexi_compact | * |
| sick_ag | picoscan | * |
| sick_ag | multiscan | * |
| sick_ag | field_analytics | * |
| sick_ag | media_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves uploading unvalidated container images, which may allow remote attackers to gain full access to the system. This can lead to a compromise of the system's integrity and confidentiality, meaning attackers could potentially control the system and access sensitive data.
How can this vulnerability impact me? :
The vulnerability can have a severe impact by allowing attackers to gain full system access remotely. This compromises the integrity and confidentiality of the system, potentially leading to unauthorized data access, system manipulation, and disruption of availability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing the upload of unvalidated container images to avoid remote attackers gaining full system access. Additionally, following general industrial cybersecurity best practices such as network segmentation, strict access controls, filtering outbound traffic, and secure remote access are recommended. Contacting SICK PSIRT for security advisories and applying any available patches or updates as soon as they are released is also advised. [1, 4]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain specific information regarding how CVE-2026-22908 affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific commands or direct detection methods for CVE-2026-22908. However, general best practices for detecting vulnerabilities related to unvalidated container images include monitoring for unauthorized container uploads, inspecting container image sources, and verifying image signatures. Additionally, network monitoring and segmentation as described in SICK's cybersecurity guidelines can help detect suspicious activities. For detailed detection commands or tools, no information is available in the provided resources. [4]