CVE-2026-1626

MEDIUM

Device SSH Service - Memory Corruption

Title source: llm

Description

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.

References (6)

[Various Sources] https://sick.com/psirt

[Various Sources] https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf

[Third Party Advisory, US Government Resource] https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

[Various Sources] https://www.first.org/cvss/calculator/3.1

[Various Sources] https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json

[Various Sources] https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 5.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-327

Status published

Products (2)

sick/lms1000_firmware < 2.4.1

sick/mrs1000_firmware < 2.4.1

Published Feb 27, 2026

Tracked Since Feb 27, 2026