OTPulse
FeedBriefingsAboutContactSubscribe

Anritsu Remote Spectrum Monitor

Act Now9.8ICS-CERT ICSA-26-090-01Mar 31, 2026
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A missing authentication vulnerability in Anritsu Remote Spectrum Monitor devices (MS27100A, MS27101A, MS27102A, MS27103A) allows attackers with network access to alter operational settings, obtain sensitive RF signal data, or disrupt device availability. Anritsu has no plans to issue a patch. Mitigation requires deploying the devices only within secure, isolated network environments with strict access controls.

What this means
What could happen
An attacker with network access could change measurement settings on the Remote Spectrum Monitor, steal RF signal data, or cause the device to stop functioning, disrupting your spectrum monitoring and potentially affecting network planning or regulatory compliance activities.
Who's at risk
RF and telecommunications organizations that use Anritsu Remote Spectrum Monitor devices (MS27100A, MS27101A, MS27102A, MS27103A series) for spectrum analysis, interference monitoring, and signal intelligence should be concerned. The risk is highest if these devices are connected to general corporate networks or accessible from the internet.
How it could be exploited
An attacker on your network or reachable from the internet (if the device is exposed) can send network commands to the Remote Spectrum Monitor without providing valid credentials. This allows them to directly alter operational parameters, read sensitive measurement data, or crash the device.
Prerequisites
  • Network access to the Remote Spectrum Monitor (either from the same network segment or from the internet if not protected by a firewall)
remotely exploitableno authentication requiredlow complexityno patch availablecritical CVSS score (9.8)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
4 pending
ProductAffected VersionsFix Status
Remote Spectrum Monitor MS27100AAll versionsNo fix yet
Remote Spectrum Monitor MS27101AAll versionsNo fix yet
Remote Spectrum Monitor MS27102AAll versionsNo fix yet
Remote Spectrum Monitor MS27103AAll versionsNo fix yet
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict network access to Remote Spectrum Monitor devices using firewall rules; allow connections only from authorized engineering workstations and management systems on a dedicated network segment
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement network monitoring to detect unauthorized access attempts to Remote Spectrum Monitor devices and alert on any configuration changes
WORKAROUNDContact Anritsu Technical Support (1-800-267-4878) to discuss additional compensating controls or possible alternatives given the lack of vendor patch availability
Long-term hardening
0/1
HARDENINGIsolate Remote Spectrum Monitor devices on a separate, air-gapped or physically segregated network segment with no direct connection to general corporate networks or the internet
View full CISA ICS-CERT advisory
API: /api/v1/advisories/f85afd08-7e92-41a7-84a5-c20c828d6a3b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Anritsu Remote Spectrum Monitor | CVSS 9.8 - OTPulse