CVE-2026-1840 Hubbell CVE debrief

Who should care

Organizations using the Hubbell Aclara Metrum Cellular Web Interface should prioritize patching this vulnerability to prevent potential disruptions to their operations. Additionally, security teams and IT administrators responsible for industrial control systems should be aware of this vulnerability and take steps to mitigate its impact.

Technical summary

The Aclara Metrum Cellular Web Interface lacks authentication controls on critical system functions, allowing unauthorized access and potential disruptions to normal functionality. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The affected product is Hubbell Aclara Metrum Cellular Web Interface: <v2.1.0.105. Hubbell encourages users to update their firmware to v2.1.0.105 to minimize network exposure and ensure that devices are not accessible from the Internet.

Defensive priority

Patching this vulnerability is a high priority due to its potential impact on operational functionality and the high severity of the vulnerability. Organizations should update their firmware to v2.1.0.105 as soon as possible.

Recommended defensive actions

• Update firmware to v2.1.0.105
• Minimize network exposure to prevent unauthorized access
• Ensure devices are not accessible from the Internet
• Monitor system functionality for potential disruptions
• Implement additional security controls to detect and prevent exploitation

Evidence notes

The vulnerability was publicly disclosed on June 23, 2026, and has a CVSS score of 7.5. The affected product is Hubbell Aclara Metrum Cellular Web Interface: <v2.1.0.105. Hubbell encourages users to update their firmware to v2.1.0.105 to minimize network exposure.

Official resources