CNNVD-202511-2078 Information
CNNVD ID
CNNVD-202511-2078
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
METZ CONNECT Energy-Controlling EWIO2-M等都是德国METZ CONNECT公司的产品。METZ CONNECT Energy-Controlling EWIO2-M是一款高性能数据记录器。METZ CONNECT Energy-Controlling EWIO2-M-BM是一款高性能数据记录器。METZ CONNECT Ethernet-IO EWIO2-BM是一款传感器和执行器控制器。 METZ CONNECT多款产品存在访问控制错误漏洞,该漏洞源于Web服务器配置错误,可能导致未经身份验证的攻击者读取php模块源代码。以下产品受到影响:METZ CONNECT Energy-Controlling EWIO2-M、METZ CONNECT Energy-Controlling EWIO2-M-BM和METZ CONNECT Ethernet-IO EWIO2-BM。
Description (English)
METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany. METZ CONNECT Energy-Controlling EWIO2-M is a high performance data recorder. METZ CONNECT Energy-Controlling EWIO2-M-BM is a high performance data recorder. METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and an implementer controller. METZ CONNECT multi-purpose products have access control error holes, which stem from the error in the configuration of the Web server and may lead to unidentified assailants reading the php module source code. The following products were affected: METZ CONNECT Energy-Controlling EWIO2-M, METZ CONNECT Energy-Controlling EWIO2-M-BM and METZ CONNECT Ethernet-IO EWIO2-BM.
Hazard Level
Medium
Vulnerability Type
访问控制错误
Affected Vendor
METZ CONNECT
Published
2025-11-18
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-097
Patch
https://www.metz-connect.com/home.1e.en.html
Share on: