Anritsu Remote Spectrum Monitor

Act Now9.8ICS-CERT ICSA-26-090-01Mar 31, 2026

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Anritsu Remote Spectrum Monitor (MS27100A, MS27101A, MS27102A, MS27103A) contains a vulnerability that allows unauthenticated network attackers to alter operational settings, obtain sensitive RF signal data, or disrupt device availability. The vulnerability requires only network access and no credentials. Anritsu has stated it will not release a patch for this issue and recommends deployment in secure network environments as mitigation.

What this means

What could happen

An attacker with network access could alter measurement configurations, steal RF signal data, or disable the device entirely, disrupting spectrum monitoring and signal intelligence operations.

Who's at risk

RF and spectrum monitoring operations that rely on Anritsu Remote Spectrum Monitor devices (MS27100A, MS27101A, MS27102A, MS27103A models) used for signal intelligence, electromagnetic compliance testing, or spectrum surveillance. This includes telecom carriers, military/government agencies, broadcast facilities, and test labs.

How it could be exploited

An attacker on the same network as the Remote Spectrum Monitor can send unauthenticated requests to the device to modify settings, read captured signal data, or crash the service. No valid credentials or specialized tools are required.

Prerequisites

Network access to the Remote Spectrum Monitor device
No authentication credentials required

remotely exploitableno authentication requiredlow complexityno patch availableunauthenticated network access

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (4)

4 pending

ProductAffected VersionsFix Status

Remote Spectrum Monitor MS27100AAll versionsNo fix yet

Remote Spectrum Monitor MS27101AAll versionsNo fix yet

Remote Spectrum Monitor MS27102AAll versionsNo fix yet

Remote Spectrum Monitor MS27103AAll versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGSegment the Remote Spectrum Monitor onto an isolated network with strict access controls; only permit connections from authorized measurement workstations or data collectors

WORKAROUNDImplement firewall rules to block any network access to the Remote Spectrum Monitor from untrusted networks, corporate networks, or the internet

WORKAROUNDDisable any remote management or API access on the Remote Spectrum Monitor unless explicitly required for your operation

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to and from the Remote Spectrum Monitor for suspicious activity or unexpected connections

CVEs (1)

CVE-2026-3356

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f85afd08-7e92-41a7-84a5-c20c828d6a3b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.