Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Weak SSH Cipher Suites Expose Encrypted Data to Attackers
CVE-2026-1626
Summary
The device's SSH service uses weak encryption methods that could allow hackers to intercept and read or alter sensitive data being sent over the network. This is because the encryption methods used are not secure enough to protect against certain types of attacks. Update the device's SSH service to use stronger encryption methods to prevent this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sick | lms1000_firmware | <= 2.4.1 | – |
| sick | mrs1000_firmware | <= 2.4.1 | – |
Original title
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to interc...
Original description
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.
nvd CVSS3.1
9.1
Vulnerability type
CWE-327
Use of a Broken Cryptographic Algorithm
- https://sick.com/psirt Vendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices US Government Resource
- https://www.first.org/cvss/calculator/3.1 Not Applicable
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json Vendor Advisory
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf Vendor Advisory
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guid... Vendor Advisory
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026