Güralp FMUS Series Seismic Monitoring Devices Unauthenticated Telnet Command Injection Vulnerability
Vulnerability
All versions of the Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command-line interface. This flaw could allow an attacker to modify hardware configurations, manipulate data, or perform a factory reset on the device.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in hardware settings, data manipulation, or a complete factory reset of the device.
Remediation
Güralp has not responded to coordination attempts. Users are encouraged to contact Güralp and keep their systems updated. CISA recommends minimizing network exposure for control system devices, using firewalls to isolate these devices from business networks, and employing secure remote access methods such as Virtual Private Networks (VPNs).
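One way to check that the recommended isolation actually holds is to audit firewall flow logs for Telnet sessions reaching the devices from outside the management path. The following is an added example, not part of the advisory or any vendor tooling; the device addresses, the VPN/jump-host subnet, the CSV log layout and the use of Telnet's default TCP port 23 are all assumptions.

```python
import ipaddress

# Assumptions (not from the advisory): device addresses, management/VPN subnet,
# Telnet on its default TCP port 23, and a simple CSV flow-log layout.
FMUS_DEVICES = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.99.0.0/24")]  # VPN / jump-host subnet
TELNET_PORT = 23

# Constructed sample records: timestamp,src_ip,dst_ip,dst_port,proto,action
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z,10.99.0.5,10.20.0.11,23,tcp,accept
2024-05-01T10:02:17Z,192.168.1.40,10.20.0.11,23,tcp,accept
2024-05-01T10:03:44Z,192.168.1.40,10.20.0.12,23,tcp,drop
2024-05-01T10:05:09Z,203.0.113.7,10.20.0.12,23,tcp,accept
2024-05-01T10:06:30Z,192.168.1.40,10.20.0.11,443,tcp,accept
malformed line without enough fields
"""

def audit_flows(text):
    """Return findings for Telnet flows to FMUS devices from non-allowed sources."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 6:
            continue  # skip malformed records rather than abort the audit
        ts, src, dst, port, proto, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            dport = int(port)
        except ValueError:
            continue  # unparsable address or port
        if dst_ip not in FMUS_DEVICES or dport != TELNET_PORT or proto.lower() != "tcp":
            continue  # not Telnet traffic to a monitored device
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue  # came through the approved remote-access path
        # accept = the firewall let it through (exposure); otherwise a blocked attempt
        severity = "EXPOSED" if action.lower() == "accept" else "BLOCKED"
        findings.append({"line": lineno, "time": ts, "src": src, "dst": dst,
                         "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"{f['severity']:8} {f['time']} {f['src']} -> {f['dst']}:{TELNET_PORT}")
```

Any `EXPOSED` finding means a firewall rule permits Telnet to a device from a business or external network and should be tightened; `BLOCKED` findings show the rule working but are worth reviewing as attempted access.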
