CVE-2026-1632

CRITICAL

MOMA Seismic Station <v2.4.2520 - Info Disclosure

Title source: llm

Description

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.

References (2)

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-03.json

View Writeup ZIP pw:eip

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-03

Scores

CVSS v3 9.1

EPSS 0.0023

EPSS Percentile 45.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-306

Status draft

Timeline

Published Feb 03, 2026

Tracked Since Feb 18, 2026