


Perceptive Security
SOC/SIEM Consultancy

Iskra iHUB and iHUB Lite
Published:
2 December 2025 at 12:00:00
Alert date:
5 December 2025 at 08:03:23
Source:
cisa.gov

CISA advisory for a critical vulnerability in Iskra iHUB and iHUB Lite smart metering gateways. The devices expose their web management interface without authentication, allowing remote attackers to reconfigure devices, update firmware, and manipulate connected systems. The vulnerability affects all versions of the products, which are deployed worldwide in energy infrastructure. It has a CVSS v4 score of 9.3, is remotely exploitable, and has low attack complexity. Iskra has not responded to CISA coordination requests.
Affected products:
Iskra iHUB
Iskra iHUB Lite
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-02
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/306.html
https://www.cve.org/CVERecord?id=CVE-2025-13510
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
https://www.iskra.eu/en/Where-Are-We/
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
This article was created with the assistance of AI technology by Perceptive.