CVE 8.7 HIGH

Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface_CVE-2026-1840

June 24, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without restriction. Such unauthorized changes can disrupt normal functionality and, if performed repeatedly, may lead to a loss of communications to the device.

AI Analysis

Missing authentication for critical function in Aclara Metrum Cellular Web Interface, allowing unauthorized access and changes to system settings.

Basic Information

ID CVE-2026-1840

Source icscert

Published Jun 24, 2026 at 19:47

Affected Product

Vendor Hubbell

Product Aclara Metrum Cellular Web Interface

Affected Versions Hubbell Aclara Metrum Cellular Web Interface 0

CWE Classification

CWE-306

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Hubbell

Product Aclara Metrum Cellular Web Interface

References

{
    "lastseen": "",
    "description": "The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without restriction. Such unauthorized changes can disrupt normal functionality and, if performed repeatedly, may lead to a loss of communications to the device.",
    "published": "2026-06-24T19:47:29.212Z",
    "modified": "2026-06-24T19:47:29.212Z",
    "type": "cve",
    "title": "Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-07\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-174-07.json\nhttps://aclara.my.site.com/AclaraConnect/s/",
    "id": "CVE-2026-1840",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Hubbell Aclara Metrum Cellular Web Interface 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Aclara Metrum Cellular Web Interface",
    "version": "0",
    "vendor": "Hubbell",
    "ai_description": "Missing authentication for critical function in Aclara Metrum Cellular Web Interface, allowing unauthorized access and changes to system settings.",
    "ai_severity": "High",
    "ai_vendor": "Hubbell",
    "ai_product": "Aclara Metrum Cellular Web Interface",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply