2026-02-03 22:59 · CVE-2026-1632 · icscert
PUBLISHED · 5.2 · CWE-306

RISS SRL MOMA Seismic Station Missing Authentication for Critical Function

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.

Problem type

CWE-306 Missing Authentication for Critical Function

Affected products

RISS SRL

MOMA Seismic Station

<= Version v2.4.2520 - AFFECTED

References

GitHub Security Advisories

GHSA-f67h-gfg7-pmp5

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without...

https://github.com/advisories/GHSA-f67h-gfg7-pmp5

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-1632
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-1632",
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "dateUpdated": "2026-02-03T22:59:32.539Z",
    "dateReserved": "2026-01-29T16:00:44.404Z",
    "datePublished": "2026-02-03T22:59:32.539Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert",
        "dateUpdated": "2026-02-03T22:59:32.539Z"
      },
      "datePublic": "2026-02-03T19:00:00.000Z",
      "title": "RISS SRL MOMA Seismic Station Missing Authentication for Critical Function",
      "descriptions": [
        {
          "lang": "en",
          "value": "MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "RISS SRL",
          "product": "MOMA Seismic Station",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "custom",
              "lessThanOrEqual": "Version v2.4.2520"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "cweId": "CWE-306",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-03"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-03.json"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL"
          }
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "RISS SRL did not respond to CISA's request for coordination. Users of \nRISS MOMA Seismic Station are encouraged to contact RISS SRL \n(info@riss-srl.com) for more information.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "RISS SRL did not respond to CISA's request for coordination. Users of \nRISS MOMA Seismic Station are encouraged to contact RISS SRL \n(info@riss-srl.com) for more information.\n\n<br>"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Souvik Kandar reported this vulnerability to CISA",
          "type": "finder"
        }
      ]
    }
  }
}