PatchSiren cyber security CVE debrief
CVE-2026-1632 RISS SRL CVE debrief
CVE-2026-1632 is a critical authentication issue in RISS SRL MOMA Seismic Station. CISA says version v2.4.2520 and prior exposes the web management interface without requiring authentication, which could let an unauthenticated attacker modify configuration settings, acquire device data, or remotely reset the device. The supplied corpus does not include a KEV listing or any confirmed exploitation, but the exposure is network-reachable and high impact.
- Vendor
- RISS SRL
- Product
- MOMA Seismic Station
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-03
- Original CVE updated
- 2026-02-03
- Advisory published
- 2026-02-03
- Advisory updated
- 2026-02-03
Who should care
Operators, asset owners, and integrators using RISS SRL MOMA Seismic Station, especially where the management interface is reachable from broader OT, enterprise, or internet-connected networks.
Technical summary
The CISA CSAF advisory for CVE-2026-1632 states that MOMA Seismic Station v2.4.2520 and prior exposes its web management interface without authentication. That condition enables unauthenticated network access to management functions, including configuration changes, device data acquisition, and remote resets. The advisory supplies CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, which evaluates to 9.1 Critical. The source corpus also records SSVCv2 E:N/A:Y with a timestamp of 2026-02-02T07:00:00Z. CISA further notes that RISS SRL did not respond to coordination.
Defensive priority
Immediate. Treat this as a high-risk exposed-management-interface issue: reduce reachability first, then validate affected versions and any available vendor guidance or compensating controls.
Recommended defensive actions
- Identify all MOMA Seismic Station deployments and confirm whether any are running v2.4.2520 or earlier.
- Restrict access to the web management interface to trusted administrative networks only; remove any unnecessary public or broad internal reachability.
- Use segmentation, VPN, jump hosts, and least-privilege admin paths for all management access.
- Contact RISS SRL at [email protected] for vendor guidance and remediation information.
- Review device configuration, access logs, and recent administrative activity for unexpected changes, device data access, or remote resets.
- Apply CISA ICS defensive guidance for access control, segmentation, and monitoring while remediation is pending.
- Validate backups and recovery procedures so devices can be restored quickly if configuration changes or resets occur.
Evidence notes
All substantive claims come from the supplied CISA CSAF source item and its official references. The advisory text explicitly states the affected version range, unauthenticated management exposure, possible impacts, and the vendor-coordination note. The corpus does not provide exploit code, incident confirmation, or a KEV listing for this CVE.
Official resources
-
CVE-2026-1632 CVE record
CVE.org
-
CVE-2026-1632 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA on 2026-02-03T07:00:00.000Z as ICSA-26-034-03 / CVE-2026-1632. The advisory notes that RISS SRL did not respond to coordination. No KEV date was provided in the supplied corpus.