Weak MAC Algorithms in SSH Service Affecting SICK Devices
CVE-2026-1627

6.5MEDIUM

Key Information:

Vendor: Sick Ag
Status: Sick Lms1000; Sick Mrs1000
Vendor: CVE Published:; 27 February 2026

What is CVE-2026-1627?

The vulnerability arises from the use of outdated and weak MAC (Message Authentication Code) algorithms in the SSH (Secure Shell) service of SICK devices. If an attacker can access the network traffic, they may exploit this weakness to compromise the integrity of SSH sessions. This exploitation could potentially allow manipulation of the data transmitted within the SSH session, raising significant security concerns for users relying on secure communications.

Affected Version(s)

SICK LMS1000 0

SICK MRS1000 0

References

https://sick.com/psirt

x_SICK PSIRT Security Advisories

https://www.sick.com/media/docs/9/19/719/special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Jan 29, 2026

CVE-2026-1627 Data

JSON

Sick Ag

What is CVE-2026-1627?

Affected Version(s)

References

CVSS V3.1

Timeline