CISA has issued a critical advisory regarding the Iskra iHUB and iHUB Lite smart metering gateways. A severe vulnerability (CVE-2025-13510, CVSS 9.3) allows unauthenticated remote attackers to access the web management interface, reconfigure devices, and manipulate connected energy systems without credentials.
Business Impact
This vulnerability poses a direct threat to the energy sector and critical infrastructure. Compromised gateways could allow attackers to disrupt power distribution, manipulate metering data, or use the devices as a pivot point to attack broader OT networks, leading to potential blackouts or safety incidents.
Why It Happened
The device exposes its critical management interface to the network without requiring any authentication by default, a fundamental security oversight in hardware designed for critical infrastructure.
Recommended Executive Action
Direct OT security teams to isolate Iskra iHUB devices immediately. Ensure they are not accessible from the public internet or corporate IT networks. Apply the latest firmware updates and place these devices behind strict firewalls or VPNs.
