{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1626", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2026-01-29T15:06:29.934Z", "datePublished": "2026-02-27T08:40:53.328Z", "dateUpdated": "2026-02-27T08:40:53.328Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SICK LMS1000", "vendor": "SICK AG", "versions": [{"lessThanOrEqual": "<=2.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SICK MRS1000", "vendor": "SICK AG", "versions": [{"lessThanOrEqual": "<=2.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An attacker may exploit the use of weak CBC-based cipher suites in the device\u2019s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic."}], "value": "An attacker may exploit the use of weak CBC-based cipher suites in the device\u2019s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2026-02-27T08:40:53.328Z"}, "references": [{"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Users are strongly recommended to upgrade to release version 2.4.1.</p>"}], "value": "Users are strongly recommended to upgrade to release version 2.4.1."}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "88192768-5BFB-4267-BF9A-7D35C79DC6AA", "versionEndExcluding": "2.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "909B274C-06A9-4AFB-A298-6E32A0BD11B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sick:mrs1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "487CA09F-7ECD-4A1F-A2CF-DAA9FA6C68BF", "versionEndExcluding": "2.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sick:mrs1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "A99E9D30-4967-46EB-A046-8FD8718FD9EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker may exploit the use of weak CBC-based cipher suites in the device\u2019s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic."}], "id": "CVE-2026-1626", "lastModified": "2026-03-05T02:13:42.007", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2026-02-27T09:16:15.863", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "[email protected]", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "[email protected]", "tags": ["Not Applicable"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "[email protected]", "type": "Secondary"}]}

{}