CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device Reconfiguration


CISA has issued a critical warning regarding a severe authentication vulnerability affecting Iskra’s iHUB and iHUB Lite intelligent metering gateways used in energy infrastructure worldwide.

The flaw, tracked as CVE-2025-13510, carries a CVSS v4 severity score of 9.3, indicating that exploitation requires minimal technical complexity.

The vulnerability stems from the absence of an authentication mechanism on the web management interface of affected devices.

Iskra iHUB Security Vulnerability

This critical oversight allows unauthenticated remote attackers to access the device’s control panel without providing any credentials, potentially gaining the ability to reconfigure settings, update firmware, and manipulate connected systems within energy networks.

The identified vulnerable devices are deployed across the global energy sector, making this a significant concern for critical infrastructure operators.

Iskra did not respond to CISA’s coordination requests, leaving organizations without vendor-provided patches or official guidance beyond defensive mitigation strategies.

| Metric | Details |
| --- | --- |
| CVE ID | CVE-2025-13510 |
| Affected Products | iHUB and iHUB Lite (All Versions) |
| Vulnerability Type | Missing Authentication for Critical Function (CWE-306) |
| CVSS v4 Score | 9.3 |
| Attack Vector | Network-based, remotely exploitable |

CISA recommends implementing network segmentation to isolate control system infrastructure from internet-facing networks.

Organizations should deploy these devices behind firewalls with restricted access. Consider implementing Virtual Private Networks for any necessary remote administration.

Defense-in-depth strategies should include network monitoring for suspicious administrative access attempts and anomalous configuration changes on affected devices.
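The monitoring recommendation above, as an added example (not code from CISA's advisory or from Cyber Security News): because the web interface has no authentication, any flow that reaches it is effectively administrative access, so the check is made purely on the source address. The gateway addresses, the admin VPN range, ports 80/443 and the flow-log layout are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): gateway addresses, the admin VPN range,
# the web management ports and the log layout are constructed for illustration.
GATEWAYS = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.99.0.0/24")]  # admin VPN pool
MGMT_PORTS = {80, 443}

# Constructed sample flow log: "timestamp src dst dport action"
SAMPLE_LOG = """\
2025-12-02T08:01:10Z 10.99.0.5 10.20.0.11 443 ALLOW
2025-12-02T08:03:44Z 10.30.4.17 10.20.0.11 80 ALLOW
2025-12-02T08:03:59Z 10.30.4.17 10.20.0.12 80 ALLOW
2025-12-02T08:05:02Z 198.51.100.23 10.20.0.12 443 DENY
2025-12-02T08:06:30Z 10.30.4.17 10.20.0.11 502 ALLOW
this line is malformed
2025-12-02T08:07:12Z 10.99.0.5 10.50.1.9 443 ALLOW
"""

def parse(line):
    """Return (ts, src, dst, dport, action) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action.upper()
    except ValueError:
        return None

def find_unapproved_access(log_text):
    """Flag flows to a gateway's web interface from outside the allowed ranges."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, dport, action = rec
        if dst not in GATEWAYS or dport not in MGMT_PORTS:
            continue
        if any(src in net for net in ALLOWED_SOURCES):
            continue
        # ALLOW: the unauthenticated panel was reachable; DENY: a blocked attempt.
        result = "reached" if action == "ALLOW" else "blocked"
        alerts.append({"time": ts, "src": str(src), "dst": str(dst), "port": dport, "result": result})
    return alerts

def sources_that_reached(alerts):
    """Count, per source, the flows that actually reached a management interface."""
    return Counter(a["src"] for a in alerts if a["result"] == "reached")
```

A "reached" alert also points to a segmentation or firewall rule that needs tightening, while "blocked" alerts show the existing rule doing its job.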

The agency emphasizes that organizations should conduct thorough risk assessments before implementing defensive measures.

Report any suspected malicious activity to CISA for correlation with other incidents. Additional guidance is available through CISA’s Industrial Control Systems resources at cisa.gov/ics, including its comprehensive cybersecurity best practices documentation for protecting critical infrastructure assets.

The post CISA Warns of Iskra iHUB Vulnerability Allowing Remote Device Reconfiguration appeared first on Cyber Security News.

Source: cybersecuritynews.com
