Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-1626

Summary
Assigner-SICK AG
Assigner Org ID-a6863dd2-93fc-443d-bef1-79f0b5020988
Published At-27 Feb, 2026 | 08:40
Updated At-27 Feb, 2026 | 08:40
Rejected At-
Credits

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SICK AG
Assigner Org ID:a6863dd2-93fc-443d-bef1-79f0b5020988
Published At:27 Feb, 2026 | 08:40
Updated At:27 Feb, 2026 | 08:40
Rejected At:
▼CVE Numbering Authority (CNA)

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.

Affected Products
Vendor
SICK AGSICK AG
Product
SICK LMS1000
Default Status
unaffected
Versions
Affected
  • From 0 through <=2.4.0 (custom)
Vendor
SICK AGSICK AG
Product
SICK MRS1000
Default Status
unaffected
Versions
Affected
  • From 0 through <=2.4.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-327CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Type: CWE
CWE ID: CWE-327
Description: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Users are strongly recommended to upgrade to release version 2.4.1.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1
x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json
x_The canonical URL.
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf
vendor-advisory
Hyperlink: https://sick.com/psirt
Resource:
x_SICK PSIRT Security Advisories
Hyperlink: https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Resource:
x_SICK Operating Guidelines
Hyperlink: https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Resource:
x_ICS-CERT recommended practices on Industrial Security
Hyperlink: https://www.first.org/cvss/calculator/3.1
Resource:
x_CVSS v3.1 Calculator
Hyperlink: https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json
Resource:
x_The canonical URL.
Hyperlink: https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf
Resource:
vendor-advisory
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@sick.de
Published At:27 Feb, 2026 | 09:16
Updated At:27 Feb, 2026 | 14:06

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-327Secondarypsirt@sick.de
CWE ID: CWE-327
Type: Secondary
Source: psirt@sick.de
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sick.com/psirtpsirt@sick.de
N/A
https://www.cisa.gov/resources-tools/resources/ics-recommended-practicespsirt@sick.de
N/A
https://www.first.org/cvss/calculator/3.1psirt@sick.de
N/A
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.jsonpsirt@sick.de
N/A
https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdfpsirt@sick.de
N/A
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdfpsirt@sick.de
N/A
Hyperlink: https://sick.com/psirt
Source: psirt@sick.de
Resource: N/A
Hyperlink: https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Source: psirt@sick.de
Resource: N/A
Hyperlink: https://www.first.org/cvss/calculator/3.1
Source: psirt@sick.de
Resource: N/A
Hyperlink: https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.json
Source: psirt@sick.de
Resource: N/A
Hyperlink: https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0005.pdf
Source: psirt@sick.de
Resource: N/A
Hyperlink: https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Source: psirt@sick.de
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2023-5100
Matching Score-8
Assigner-SICK AG
ShareView Details
Matching Score-8
Assigner-SICK AG
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 22.56%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 12:05
Updated-19 Sep, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.

Action-Not Available
Vendor-SICK AG
Product-apu0200apu0200_firmwareAPU0200
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-1627
Matching Score-6
Assigner-SICK AG
ShareView Details
Matching Score-6
Assigner-SICK AG
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 6.04%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 08:43
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data if the attacker can interact with the network traffic.

Action-Not Available
Vendor-SICK AG
Product-SICK MRS1000SICK LMS1000
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-49196
Matching Score-6
Assigner-SICK AG
ShareView Details
Matching Score-6
Assigner-SICK AG
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.24%
||
7 Day CHG+0.02%
Published-12 Jun, 2025 | 14:20
Updated-26 Jan, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deprecated TLS version supported

A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device.

Action-Not Available
Vendor-SICK AG
Product-field_analyticsSICK Field Analytics
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-43913
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-07 Oct, 2025 | 18:54
Updated-14 Oct, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DDOS. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-27458
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.25%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 11:33
Updated-06 Feb, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-27458

The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to the client, is encrypted by the client and sent back. The server does the same encryption locally and if the responses match it is prooven that the client knows the correct password. Since all VNC communication is unencrypted, an attacker can obtain the challenge and response and try to derive the password from this information.

Action-Not Available
Vendor-endressEndress+Hauser
Product-meac300-fnade4meac300-fnade4_firmwareEndress+Hauser MEAC300-FNADE4
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-22192
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 21:44
Updated-16 Jun, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.

Action-Not Available
Vendor-hyperledgerhyperledger-archives
Product-ursaursa
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Details not found