Critical Authentication Bypass Reported in RISS SRL MOMA Seismic Stations
Take action: If you use MOMA Seismic Station devices, take them off the public internet immediately and put them behind a firewall or VPN. Since the vendor hasn't responded with a patch, your only real defense is strict network isolation. Also consider whether it's feasible to replace these devices, especially if they are networked or connected to public systems.
CISA reports a critical vulnerability in MOMA Seismic Station hardware by RISS SRL, an Italian manufacturer of specialized monitoring equipment.
The vulnerability is identified as CVE-2026-1632 (CVSS score 9.1). It is a missing authentication vulnerability in the web management interface that allows unauthenticated remote attackers to access the device control panel. The software fails to verify user identity before granting access to critical configuration functions. An attacker can exploit this by navigating directly to the web interface to modify settings, exfiltrate device data, or trigger a remote reset, effectively bypassing all intended security boundaries.
A successful breach allows attackers to create a denial-of-service (DoS) condition by resetting the device or altering its operational parameters.
The vulnerability impacts RISS SRL MOMA Seismic Station versions up to and including v2.4.2520. The vendor failed to respond to coordination attempts, so there is no official firmware patch.
CISA recommends isolating seismic stations from the open internet to prevent attacks. Administrators should use firewalls to separate industrial infrastructure from office computers. If remote access is required, use a VPN to create a secure tunnel.