SICK SSH Service Vulnerability in LMS1000 and MRS1000 Products Allowing Data Manipulation
Vulnerability
A vulnerability exists in the SSH service of SICK LMS1000 and MRS1000 product families, all versions prior to 2.4.1. The issue arises from the use of outdated and weak Message Authentication Code (MAC) algorithms, which could allow an attacker with network access to compromise the integrity of SSH sessions. This vulnerability could lead to unauthorized manipulation of transmitted data, particularly if the attacker can interact with the network traffic.
Impact
Exploitation of this vulnerability could result in unauthorized manipulation of data within an SSH session, compromising the integrity of the communication.
Remediation
Users are strongly recommended to upgrade to version 2.4.1. This applies to all SICK LMS1000 and SICK MRS1000 versions through 2.4.0.
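To confirm what MAC algorithms an SSH service advertises, for instance before and after the upgrade, the following added example (not part of the advisory and not SICK code) parses an SSH_MSG_KEXINIT packet per RFC 4253 and reports weak MACs. The WEAK_MACS list is an assumption, since the advisory does not name the affected algorithms, and the helper build_sample produces a constructed packet rather than device output.

```python
import struct

# Assumption: the advisory does not name the affected algorithms. These are
# MAC names commonly treated as weak (MD5-based or truncated/short tags).
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96", "umac-64@openssh.com"}
SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(packet: bytes) -> dict:
    """Parse an unencrypted SSH binary packet that carries SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_len, pad_len = struct.unpack(">IB", packet[:5])
    if 4 + packet_len > len(packet) or pad_len + 1 > packet_len:
        raise ValueError("inconsistent packet or padding length")
    payload = packet[5:4 + packet_len - pad_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    off, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack(">I", payload[off:off + 4])
        off += 4
        if off + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[off:off + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        off += n
    return lists

def weak_macs(packet: bytes) -> list:
    """Return the weak MACs the peer offers in either direction."""
    lists = parse_kexinit(packet)
    return sorted(set(lists["mac_c2s"] + lists["mac_s2c"]) & WEAK_MACS)

def build_sample(macs: list) -> bytes:
    """Constructed KEXINIT packet for offline use; not captured from a device."""
    def nl(items):
        body = ",".join(items).encode("ascii")
        return struct.pack(">I", len(body)) + body
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16) + nl(["curve25519-sha256"])
    payload += nl(["ssh-ed25519"]) + nl(["aes128-ctr"]) * 2 + nl(macs) * 2
    payload += nl(["none"]) * 2 + nl([]) * 2 + b"\x00" + struct.pack(">I", 0)
    pad = 8 - (len(payload) + 5) % 8
    pad += 8 if pad < 4 else 0
    return struct.pack(">IB", len(payload) + 1 + pad, pad) + payload + bytes(pad)
```

On a live connection the server's KEXINIT is sent in the clear right after the version banner exchange, so the same parser can be fed that packet from a capture.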
