CNNVD-202511-2081 Information
CNNVD ID
CNNVD-202511-2081
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
METZ CONNECT Energy-Controlling EWIO2-M等都是德国METZ CONNECT公司的产品。METZ CONNECT Energy-Controlling EWIO2-M是一款高性能数据记录器。METZ CONNECT Energy-Controlling EWIO2-M-BM是一款高性能数据记录器。METZ CONNECT Ethernet-IO EWIO2-BM是一款传感器和执行器控制器。 METZ CONNECT多款产品存在安全漏洞,该漏洞源于调试向导未验证设备是否已初始化,可能导致未经身份验证的攻击者设置root凭据。以下产品受到影响:METZ CONNECT Energy-Controlling EWIO2-M、METZ CONNECT Energy-Controlling EWIO2-M-BM和METZ CONNECT Ethernet-IO EWIO2-BM。
Description (English)
METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany. METZ CONNECT Energy-Controlling EWIO2-M is a high performance data recorder. METZ CONNECT Energy-Controlling EWIO2-M-BM is a high performance data recorder. METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and an implementer controller. There is a safety loophole in METZ CONNECT ’ s multiple products, which arises from the initialization of the uncertified equipment of the debugging guide, which may lead to the creation of root certificates by the attackor without identification. The following products were affected: METZ CONNECT Energy-Controlling EWIO2-M, METZ CONNECT Energy-Controlling EWIO2-M-BM and METZ CONNECT Ethernet-IO EWIO2-BM.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
METZ CONNECT
Published
2025-11-18
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-097 https://access.redhat.com/security/cve/cve-2025-41733
Patch
https://www.metz-connect.com/home.1e.en.html
Share on: