Critical Authentication Flaw in RISS SRL MOMA Seismic Stations Exposed
INCIBE-CERT warns of unauthenticated access vulnerability in RISS SRL MOMA seismic monitoring systems, enabling remote control and data manipulation.
Critical Authentication Flaw Discovered in RISS SRL MOMA Seismic Stations
Madrid, Spain – February 4, 2026 – INCIBE-CERT has issued an urgent security advisory regarding a severe authentication vulnerability in MOMA seismic monitoring stations developed by RISS SRL. The flaw, which allows unauthenticated remote access, poses significant risks to critical infrastructure operations.
Technical Details
The vulnerability enables attackers to bypass authentication mechanisms entirely, granting full remote control over affected MOMA seismic stations. With no authentication required, malicious actors could:
- Execute arbitrary commands on the system
- Manipulate seismic data readings
- Disrupt monitoring operations
- Gain persistent access to the network
While INCIBE-CERT has not disclosed specific technical exploitation details, the complete lack of authentication suggests one of the following:
- A missing authentication implementation in the control interface
- Hardcoded or default credentials that cannot be changed
- An authentication bypass vulnerability in the communication protocol
Impact Analysis
This vulnerability presents severe risks to organizations relying on MOMA seismic stations, particularly:
Critical Infrastructure Operators:
- Oil and gas facilities
- Nuclear power plants
- Geological survey organizations
- Early warning earthquake systems
Potential Attack Scenarios:
- Data Manipulation: Attackers could alter seismic readings to mask actual geological activity or trigger false alarms
- Operational Disruption: Remote shutdown of monitoring systems could blind operators to real seismic events
- Lateral Movement: Compromised seismic stations could serve as entry points to broader operational networks
- Physical Damage: In extreme cases, manipulated data could lead to incorrect structural responses in critical facilities
Recommendations
INCIBE-CERT advises immediate action for all organizations using MOMA seismic stations:
- Network Segmentation: Isolate seismic monitoring systems from corporate and operational networks
- Access Controls: Implement strict firewall rules to limit access to only authorized IP addresses
- Monitoring: Deploy enhanced network monitoring to detect unusual activity on seismic station connections
- Vendor Contact: Immediately contact RISS SRL for security patches and mitigation guidance
- Compensating Controls: Consider deploying network intrusion prevention systems (IPS) with custom signatures for MOMA station traffic
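The following is an added example, not part of the INCIBE-CERT advisory or any RISS SRL material: one way to audit flow logs against the Access Controls, Network Segmentation and Monitoring recommendations above. The station subnet, authorized hosts, log format and sample records are all constructed assumptions; the advisory does not specify addresses, ports or protocols.

```python
import ipaddress

# Constructed addressing plan (assumption); replace with your own.
STATION_NET = ipaddress.ip_network("10.50.0.0/24")   # seismic station segment
AUTHORIZED = [
    ipaddress.ip_network("10.60.0.10/32"),           # acquisition server
    ipaddress.ip_network("10.60.0.11/32"),           # engineering workstation
]

# Constructed flow records, one per line: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2026-02-04T08:00:01Z 10.60.0.10 10.50.0.21 443
2026-02-04T08:03:17Z 192.168.10.77 10.50.0.21 443
2026-02-04T08:05:42Z 10.50.0.21 10.60.0.10 514
2026-02-04T08:09:03Z 10.50.0.21 10.70.3.5 445
2026-02-04T08:11:30Z 203.0.113.9 10.50.0.22 80
malformed record
"""

def is_authorized(ip):
    """True if ip belongs to one of the allowlisted management hosts."""
    return any(ip in net for net in AUTHORIZED)

def audit_flows(text):
    """Return (line_number, finding, raw_line) for every flow that crosses
    the station segment boundary without an allowlisted peer."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            if len(parts) != 4:
                raise ValueError("wrong field count")
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
        except ValueError:
            # Surface unparsable records instead of silently skipping them.
            findings.append((lineno, "unparsed", line))
            continue
        src_station, dst_station = src in STATION_NET, dst in STATION_NET
        if dst_station and not src_station and not is_authorized(src):
            findings.append((lineno, "unauthorized-inbound", line))
        elif src_station and not dst_station and not is_authorized(dst):
            # A station reaching other segments is a segmentation gap.
            findings.append((lineno, "station-egress", line))
    return findings

if __name__ == "__main__":
    for lineno, kind, raw in audit_flows(SAMPLE_FLOWS):
        print(f"line {lineno}: {kind}: {raw}")
```

Any `unauthorized-inbound` or `station-egress` finding indicates a firewall rule or segmentation boundary that does not yet match the allowlist.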
Organizations should treat this vulnerability with the highest priority given the potential consequences for public safety and critical infrastructure protection. INCIBE-CERT continues to monitor the situation and will provide updates as more information becomes available.
For technical assistance, contact INCIBE-CERT through their official channels.