Description
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-02
Scores
CVSS v4
9.3
EPSS
0.0057
EPSS Percentile
42.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
Iskra/iHUB and iHUB Lite
All versions
Published
Dec 02, 2025
Tracked Since
Feb 18, 2026