CVE-2026-1627

MEDIUM

Device SSH Service - Memory Corruption

Title source: llm

Description

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic.

References (6)

[Various Sources] https://sick.com/psirt

[Various Sources] https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf

[Third Party Advisory, US Government Resource] https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

[Various Sources] https://www.first.org/cvss/calculator/3.1

[Various Sources] https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json

[Various Sources] https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 5.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-327

Status published

Products (2)

sick/lms1000_firmware < 2.4.1

sick/mrs1000_firmware < 2.4.1

Published Feb 27, 2026

Tracked Since Feb 27, 2026