Skip to main content

Aclara Metrum Cellular Web Interface

1 CVEs product

Monthly

CVE-2026-1840 HIGH PATCH CISA Act Now

Missing authentication in the Aclara Metrum Cellular Web Interface (a Hubbell/Aclara cellular communications module used in utility smart-grid metering) lets remote attackers reach critical system functions without any credentials. Per the CVSS:4.0 vector (PR:N/UI:N) an unauthenticated network attacker can read and modify operational configuration and force device restarts, and repeated restarts can sever device communications - a pure availability impact (VA:H, no confidentiality or integrity loss). There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV; EPSS data was not provided.

Authentication Bypass Aclara Metrum Cellular Web Interface
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
EPSS 1% CVSS 8.7
HIGH PATCH Act Now

Missing authentication in the Aclara Metrum Cellular Web Interface (a Hubbell/Aclara cellular communications module used in utility smart-grid metering) lets remote attackers reach critical system functions without any credentials. Per the CVSS:4.0 vector (PR:N/UI:N) an unauthenticated network attacker can read and modify operational configuration and force device restarts, and repeated restarts can sever device communications - a pure availability impact (VA:H, no confidentiality or integrity loss). There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV; EPSS data was not provided.

Authentication Bypass Aclara Metrum Cellular Web Interface
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy