CVE-2026-1840 | The Aclara Metrum Cellular Web Interface is vulnerable to un… | CVSS 7.5 HIGH

Description

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without restriction. Such unauthorized changes can disrupt normal functionality and, if performed repeatedly, may lead to a loss of communications to the device.

Metadata

CVE ID: CVE-2026-1840
State: PUBLISHED
Assigner: icscert
Reserved: 2026-02-03 16:50 UTC
Published: 2026-06-24 19:47 UTC
Last updated: 2026-06-24 19:47 UTC
Primary CWE: CWE-306
CWE-306 Missing authentication for critical function
Vendor / Product: Hubbell / Aclara Metrum Cellular Web Interface
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Hubbell	Aclara Metrum Cellular Web Interface	—	0 < 2.1.0.105

Weakness (CWE)

CWE	Source	Description
CWE-306	cna	CWE-306 Missing authentication for critical function

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (3)