All news with #iskra tag

Iskra iHUB/iHUB Lite: Unauthenticated Web Interface Alert

🔒 CISA reports a high‑severity Missing Authentication for Critical Function vulnerability (CVE-2025-13510) affecting all versions of Iskra’s iHUB and iHUB Lite smart metering gateways, where the web management interface requires no credentials. With a CVSS v4 base score of 9.3, an unauthenticated remote attacker could reconfigure devices, update firmware, and manipulate connected systems. Iskra did not respond to coordination requests; CISA recommends isolating devices from the Internet, placing them behind firewalls, and using secure remote access methods such as VPNs while recognizing their limitations.