CVE-2026-1632 | THREATINT

Description

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.

PUBLISHED Reserved 2026-01-29 | Published 2026-02-03 | Updated 2026-02-03 | Assigner icscert

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unaffected

Any version

affected

Credits

Souvik Kandar reported this vulnerability to CISA finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-034-03

github.com/...p/csaf_files/OT/white/2026/icsa-26-034-03.json

cve.org (CVE-2026-1632)

nvd.nist.gov (CVE-2026-1632)

Download JSON