CVE-2026-1626

{"id": "CVE-2026-1626", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2026-02-27T09:16:15.863", "references": [{"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["US Government Resource"], "source": "psirt@sick.de"}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["Not Applicable"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "An attacker may exploit the use of weak CBC-based cipher suites in the device\u2019s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic."}], "lastModified": "2026-03-05T02:13:42.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88192768-5BFB-4267-BF9A-7D35C79DC6AA", "versionEndExcluding": "2.4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "909B274C-06A9-4AFB-A298-6E32A0BD11B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:mrs1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "487CA09F-7ECD-4A1F-A2CF-DAA9FA6C68BF", "versionEndExcluding": "2.4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:mrs1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A99E9D30-4967-46EB-A046-8FD8718FD9EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}