CVE-2026-22908
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: SICK AG

Description
Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22908
EUVD
EUVD-2026-2823
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
sick_ag tdc-x401gl to 1.4.0 (exc)
sick_ag meac300 *
sick_ag lector8xx *
sick_ag inspectorp8xx *
sick_ag dl100-2xxxxxxx *
sick_ag flexi_compact *
sick_ag picoscan *
sick_ag multiscan *
sick_ag field_analytics *
sick_ag media_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves uploading unvalidated container images, which may allow remote attackers to gain full access to the system. This can lead to a compromise of the system's integrity and confidentiality, meaning attackers could potentially control the system and access sensitive data.

Impact Analysis

The vulnerability can have a severe impact by allowing attackers to gain full system access remotely. This compromises the integrity and confidentiality of the system, potentially leading to unauthorized data access, system manipulation, and disruption of availability.

Mitigation Strategies

Immediate mitigation steps include preventing the upload of unvalidated container images to avoid remote attackers gaining full system access. Additionally, following general industrial cybersecurity best practices such as network segmentation, strict access controls, filtering outbound traffic, and secure remote access are recommended. Contacting SICK PSIRT for security advisories and applying any available patches or updates as soon as they are released is also advised. [1, 4]

Compliance Impact

The provided resources do not contain specific information regarding how CVE-2026-22908 affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The provided resources do not include specific commands or direct detection methods for CVE-2026-22908. However, general best practices for detecting vulnerabilities related to unvalidated container images include monitoring for unauthorized container uploads, inspecting container image sources, and verifying image signatures. Additionally, network monitoring and segmentation as described in SICK's cybersecurity guidelines can help detect suspicious activities. For detailed detection commands or tools, no information is available in the provided resources. [4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22908. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart