OTPulse

Güralp Systems FMUS Series and MIN Series Devices (Update B)

Plan PatchCVSS 9.8ICS-CERT ICSA-25-212-01Jul 31, 2025
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Güralp FMUS Series and MIN Series devices contain an authentication bypass vulnerability in their Telnet interface (CVE-2025-8286). An attacker can remotely connect without credentials and modify hardware configurations, manipulate measurement data, or factory reset the device. FMUS Series devices in all versions are not receiving a patch. MIN Series devices (Minimus-based, including Fortimus and Certimus) receive protection through experimental firmware v2.1-29897, which adds Telnet authentication requirements. Güralp recommends network-level mitigations including firewall restrictions, VPN for remote access, and avoiding direct Internet exposure.

What this means
What could happen
An attacker with network access to a Güralp seismic monitoring device could reset the device to factory settings, modify sensor configurations, or corrupt measurement data without providing any credentials. This could render the device non-functional or cause false readings to be sent to your monitoring systems.
Who's at risk
Seismic monitoring sites and earthquake early warning systems using Güralp FMUS Series devices (all versions affected, no patch available) and Güralp MIN Series digitizing devices (patch available for v2.1-29897). This affects organizations operating real-time seismic monitoring networks, research institutions, and utilities relying on seismic data for safety and warning systems.
How it could be exploited
An attacker on the same network segment (or with network access to the device's Telnet port 23) can connect to the unprotected Telnet interface and execute commands to modify hardware configuration, manipulate data, or perform a factory reset without supplying any username or password.
Prerequisites
  • Network access to Telnet port 23 on the affected device
  • Device is reachable from the attacker's network segment or the Internet if not firewalled
Remotely exploitableNo authentication requiredLow complexity attackFMUS devices have no fix availableAffects seismic monitoring and safety systems
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (2)
1 with fix1 pending
ProductAffected VersionsFix Status
Güralp FMUS Series Seismic Monitoring Devices: vers:all/*All versionsNo fix yet
Güralp MIN Series Digitizing Devices: vers:all/*All versionsv2.1-29897 (experimental)
Remediation & Mitigation
0/5
Do now
0/1
WORKAROUNDBlock inbound Telnet access (port 23) at the firewall unless specifically required for legitimate management
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MIN Series devices to firmware v2.1-29897 or later to enable Telnet authentication
Long-term hardening
0/3
HARDENINGImplement network segmentation to isolate seismic monitoring devices on a dedicated VLAN or management network separate from general IT networks
HARDENINGIf remote access to devices is required, use a VPN gateway or secure jump host instead of exposing devices directly to the network
HARDENINGEnsure all Güralp devices are behind firewall rules that restrict access to only authorized management workstations by IP address
View full CISA ICS-CERT advisory
API: /api/v1/advisories/58cecfcd-9acd-478a-ac05-bb07f30514f6

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Güralp Systems FMUS Series and MIN Series Devices (Update B) | CVSS 9.8 - OTPulse