RISS SRL MOMA Seismic Station

Plan PatchCVSS 9.1ICS-CERT ICSA-26-034-03Feb 3, 2026

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

RISS MOMA Seismic Station versions 2.4.2520 and earlier contain a vulnerability that allows an unauthenticated attacker to create a denial-of-service condition. The vendor did not respond to CISA coordination requests. No patch has been released and none is planned.

What this means

What could happen

An unauthenticated attacker could create a denial-of-service condition on the MOMA Seismic Station, potentially disrupting seismic monitoring operations that may be critical for earthquake detection and hazard assessment.

Who's at risk

Organizations operating RISS MOMA Seismic Stations for earthquake detection and hazard monitoring should be concerned. This affects seismic monitoring networks, geological survey operations, and any facility relying on continuous seismic data collection for early warning or research purposes.

How it could be exploited

An attacker with network access to the MOMA Seismic Station could send specially crafted requests to trigger a denial-of-service condition without needing credentials. The attack requires only network connectivity to the device.

Prerequisites

Network access to the MOMA Seismic Station on its service port
No authentication credentials required

remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

MOMA Seismic Station: <=v2.4.2520≤ v2.4.2520No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to the MOMA Seismic Station to only authorized management and monitoring hosts using firewall rules

HARDENINGMonitor network traffic to the seismic station for unusual or malicious requests and implement rate limiting if possible

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact RISS SRL (info@riss-srl.com) to determine if a firmware update or security patch is available

Mitigations - no patch available

0/1

MOMA Seismic Station: <=v2.4.2520 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGSegment the seismic monitoring network from general IT infrastructure and untrusted networks

CVEs (1)

CVE-2026-1632

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/46d7c19e-a799-4597-9c59-382fa0f7168c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.