CNNVD-202511-2080 Information
CNNVD ID
CNNVD-202511-2080
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
METZ CONNECT Energy-Controlling EWIO2-M等都是德国METZ CONNECT公司的产品。METZ CONNECT Energy-Controlling EWIO2-M是一款高性能数据记录器。METZ CONNECT Energy-Controlling EWIO2-M-BM是一款高性能数据记录器。METZ CONNECT Ethernet-IO EWIO2-BM是一款传感器和执行器控制器。 METZ CONNECT多款产品存在代码问题漏洞,该漏洞源于缺少文件检查,可能导致低权限攻击者上传任意文件并执行远程代码。以下产品受到影响:METZ CONNECT Energy-Controlling EWIO2-M、METZ CONNECT Energy-Controlling EWIO2-M-BM和METZ CONNECT Ethernet-IO EWIO2-BM。
Description (English)
METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany. METZ CONNECT Energy-Controlling EWIO2-M is a high performance data recorder. METZ CONNECT Energy-Controlling EWIO2-M-BM is a high performance data recorder. METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and an implementer controller. There is a code gap in METZ CONNECT ’ s multiple products, which stems from a lack of document checks and may lead to the uploading of random documents and the implementation of remote codes by low-authority attackers. The following products were affected: METZ CONNECT Energy-Controlling EWIO2-M, METZ CONNECT Energy-Controlling EWIO2-M-BM and METZ CONNECT Ethernet-IO EWIO2-BM.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
METZ CONNECT
Published
2025-11-18
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-097
Patch
https://www.metz-connect.com/home.1e.en.html
Share on: