CVE-2026-1632
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| RISS SRL | MOMA Seismic Station | 0 <= Version v2.4.2520 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
RISS SRL did not respond to CISA's request for coordination. Users of RISS MOMA Seismic Station are encouraged to contact RISS SRL (info@riss-srl.com) for more information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-03
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-03.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.