CVE-2026-1840

Name of the Vulnerable Software and Affected Versions Hubbell Aclara Metrum (affected versions not specified)

Description The Cellular Web Interface contains a flaw where missing authentication allows unauthenticated attackers to manipulate critical device settings and disrupt operations. This issue has been exploited to modify critical settings and establish persistent control over energy sector infrastructure across multiple networks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Implement runtime segmentation to limit the blast radius when industrial devices are compromised.