Description
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.
Published: 2026-02-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential SSH traffic observation or manipulation via weak CBC cipher suites
Action: Patch Firmware
AI Analysis

Impact

SICK AG products LMS1000 and MRS1000 expose weak CBC‑based cipher suites in their SSH service, a flaw classified as CWE‑327. An attacker who can intercept or interact with the network traffic may observe portions of the encrypted SSH communication or insert malicious payloads into the data stream. The vulnerability does not grant immediate remote code execution but undermines the confidentiality and integrity of the SSH channel.

Affected Systems

The affected devices are SICK AG’s LMS1000 and MRS1000 line of safety‑related equipment, specifically the firmware components of these models. Users should verify the firmware version and apply the vendor‑recommended update to release 2.4.1, which removes the vulnerable cipher suites.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate risk, while the EPSS score of less than 1% points to a low probability of exploitation in the wild. The vulnerability is not listed as a Known Exploited Vulnerability. The likely attack vector requires an attacker to be on the same network segment to intercept SSH traffic, or to have some level of connectivity to the device’s SSH service. Because the issue is a cryptographic misconfiguration rather than a code logic flaw, the likelihood of successful exploitation remains modest, but the potential impact on sensitive safety‑engineered communications warrants timely mitigation.

Generated by OpenCVE AI on April 16, 2026 at 15:29 UTC.

Remediation

Vendor Solution

Users are strongly recommended to upgrade to release version 2.4.1.


OpenCVE Recommended Actions

  • Upgrade firmware to release 2.4.1 to eliminate weak CBC cipher suites
  • Disable the SSH service on devices that do not require remote access
  • Configure SSH to use only robust, authenticated cipher suites such as AES‑256‑GCM and turn off all CBC options
  • Restrict SSH access to trusted IP ranges via firewall or ACLs
  • Monitor network traffic for anomalous SSH packets to detect unauthorized manipulation attempts
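The following audit script is an added example and is not part of the OpenCVE record or of SICK’s firmware. On the affected devices the fix is the firmware upgrade above; this script is for the defender’s side of the checklist: it takes the cipher name-list a server advertises (as seen in its SSH KEXINIT, or in the output of a scanner such as `nmap --script ssh2-enum-algos`), flags every CBC-mode suite, and emits an OpenSSH-style `Ciphers` directive that keeps only authenticated (AEAD) and CTR suites. The sample cipher list is constructed; the `Ciphers` syntax assumes an OpenSSH-compatible server and is illustrative only.

```python
"""Audit an SSH server's advertised cipher list for CBC-mode suites (CWE-327).

Added example, not code from the OpenCVE page or from SICK AG. Cipher names
are assumed to follow OpenSSH naming (RFC 4253, RFC 5647 and the
*@openssh.com extensions). The sample list below is constructed.
"""
import re

# CBC-mode suites end in "-cbc", optionally followed by a vendor suffix
# (e.g. the legacy "rijndael-cbc@lysator.liu.se" alias). 3des-cbc is CBC too.
CBC_PATTERN = re.compile(r"-cbc(@[\w.-]+)?$")

# Authenticated-encryption suites, in preference order, matching the
# recommended action of favouring AES-GCM style ciphers.
AEAD_SUITES = (
    "aes256-gcm@openssh.com",
    "aes128-gcm@openssh.com",
    "chacha20-poly1305@openssh.com",
)

# Constructed sample of a server's encryption_algorithms_client_to_server list.
SAMPLE_OFFERED = (
    "aes128-ctr,aes192-ctr,aes256-ctr,"
    "aes128-cbc,aes256-cbc,3des-cbc,rijndael-cbc@lysator.liu.se,"
    "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
)


def is_cbc(name):
    """True if the cipher name denotes a CBC-mode suite."""
    return CBC_PATTERN.search(name) is not None


def audit(offered_csv):
    """Classify a comma-separated SSH cipher name-list.

    Returns a dict with keys "cbc" (weak), "aead", "ctr" and "other"
    (names this script does not recognise, left for manual review).
    Order within each list follows the server's advertised order.
    """
    names = [n.strip() for n in offered_csv.split(",") if n.strip()]
    report = {"cbc": [], "aead": [], "ctr": [], "other": []}
    for name in names:
        if is_cbc(name):
            report["cbc"].append(name)
        elif name in AEAD_SUITES:
            report["aead"].append(name)
        elif name.endswith("-ctr"):
            report["ctr"].append(name)
        else:
            report["other"].append(name)
    return report


def hardened_ciphers_directive(offered_csv):
    """Build an OpenSSH `Ciphers` line from what the server already supports,
    dropping every CBC suite and putting AEAD suites first.

    Raises ValueError if nothing acceptable would remain, since an empty
    Ciphers line would lock out every client rather than harden the service.
    """
    report = audit(offered_csv)
    keep = [c for c in AEAD_SUITES if c in report["aead"]]
    # Reverse lexical order puts aes256-ctr before aes192-ctr before aes128-ctr.
    keep += sorted(report["ctr"], reverse=True)
    if not keep:
        raise ValueError("no non-CBC cipher suites available; do not apply")
    return "Ciphers " + ",".join(keep)


if __name__ == "__main__":
    result = audit(SAMPLE_OFFERED)
    for category, names in result.items():
        print(f"{category:>5}: {', '.join(names) or '-'}")
    if result["cbc"]:
        print("FINDING: CBC-mode suites advertised ->", ", ".join(result["cbc"]))
    print(hardened_ciphers_directive(SAMPLE_OFFERED))
```

Run it against the real KEXINIT list of a device after the firmware upgrade to confirm the `cbc` bucket is empty; anything that lands in `other` (for example RC4-family names) is outside this script’s CBC scope and should be reviewed by hand.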



Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:45:00 +0000

Type | Values Removed | Values Added
Title | | Weak CBC Cipher Suites Allow Possible Compromise of SSH Communication

Fri, 06 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sick; Sick lms1000; Sick lms1000 Firmware; Sick mrs1000; Sick mrs1000 Firmware
CPEs | | cpe:2.3:h:sick:lms1000:-:*:*:*:*:*:*:*; cpe:2.3:h:sick:mrs1000:-:*:*:*:*:*:*:*; cpe:2.3:o:sick:lms1000_firmware:*:*:*:*:*:*:*:*; cpe:2.3:o:sick:mrs1000_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Sick; Sick lms1000; Sick lms1000 Firmware; Sick mrs1000; Sick mrs1000 Firmware

Fri, 27 Feb 2026 16:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sick Ag; Sick Ag sick Lms1000; Sick Ag sick Mrs1000
Vendors & Products | | Sick Ag; Sick Ag sick Lms1000; Sick Ag sick Mrs1000

Fri, 27 Feb 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.
Weaknesses | | CWE-327
References | |
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: SICK AG

Published:

Updated: 2026-03-06T18:44:04.057Z

Reserved: 2026-01-29T15:06:29.934Z

Link: CVE-2026-1626

Vulnrichment

Updated: 2026-03-06T18:43:57.677Z

NVD

Status: Analyzed

Published: 2026-02-27T09:16:15.863

Modified: 2026-03-05T02:13:42.007

Link: CVE-2026-1626

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T15:30:06Z

Weaknesses