CNNVD-202511-2079 Information
CNNVD ID
CNNVD-202511-2079
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
METZ CONNECT Energy-Controlling EWIO2-M等都是德国METZ CONNECT公司的产品。METZ CONNECT Energy-Controlling EWIO2-M是一款高性能数据记录器。METZ CONNECT Energy-Controlling EWIO2-M-BM是一款高性能数据记录器。METZ CONNECT Ethernet-IO EWIO2-BM是一款传感器和执行器控制器。 METZ CONNECT多款产品存在安全漏洞,该漏洞源于路径遍历,可能导致低权限攻击者上传或覆盖python脚本并执行远程代码。以下产品受到影响:METZ CONNECT Energy-Controlling EWIO2-M、METZ CONNECT Energy-Controlling EWIO2-M-BM和METZ CONNECT Ethernet-IO EWIO2-BM。
Description (English)
METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany. METZ CONNECT Energy-Controlling EWIO2-M is a high performance data recorder. METZ CONNECT Energy-Controlling EWIO2-M-BM is a high performance data recorder. METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and an implementer controller. There is a safety loophole in METZ CONNECT ’ s multiple products, which stems from the routing, which may lead to low-authority attackers uploading or covering python scripts and implementing remote codes. The following products were affected: METZ CONNECT Energy-Controlling EWIO2-M, METZ CONNECT Energy-Controlling EWIO2-M-BM and METZ CONNECT Ethernet-IO EWIO2-BM.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
METZ CONNECT
Published
2025-11-18
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-097
Patch
https://www.metz-connect.com/home.1e.en.html
Share on: