CVE-2026-1626

{"id": "CVE-2026-1626", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2026-02-27T09:16:15.863", "references": [{"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["US Government Resource"], "source": "psirt@sick.de"}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["Not Applicable"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "An attacker may exploit the use of weak CBC-based cipher suites in the device\u2019s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic."}, {"lang": "es", "value": "Un atacante puede explotar el uso de suites de cifrado d\u00e9biles basadas en CBC en el servicio SSH del dispositivo para potencialmente observar o manipular partes de la comunicaci\u00f3n SSH cifrada, si son capaces de interceptar o interactuar con el tr\u00e1fico de red."}], "lastModified": "2026-03-05T02:13:42.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:lms1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88192768-5BFB-4267-BF9A-7D35C79DC6AA", "versionEndExcluding": "2.4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:lms1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "909B274C-06A9-4AFB-A298-6E32A0BD11B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sick:mrs1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "487CA09F-7ECD-4A1F-A2CF-DAA9FA6C68BF", "versionEndExcluding": "2.4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sick:mrs1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A99E9D30-4967-46EB-A046-8FD8718FD9EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@sick.de"}