Vulnerability Description
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Lms1000 Firmware | < 2.4.1 |
| Sick | Lms1000 | - |
| Sick | Mrs1000 Firmware | < 2.4.1 |
| Sick | Mrs1000 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdfVendor Advisory
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidVendor Advisory
FAQ
What is CVE-2026-1626?
CVE-2026-1626 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept...
How severe is CVE-2026-1626?
CVE-2026-1626 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1626?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Lms1000 Firmware, Sick Lms1000, Sick Mrs1000 Firmware, Sick Mrs1000.