Primary

Context

METZ CONNECT EWIO2 Series Remote Code Execution Vulnerability via Unrestricted File Upload

Vulnerability

Patched

A vulnerability allowing remote code execution has been identified in METZ CONNECT EWIO2 series devices, specifically in the Energy-Controlling EWIO2-M, EWIO2-M-BM, and Ethernet-IO EWIO2-BM models, all running firmware prior to 2.2.0. This issue arises from inadequate file validation, which enables low-privileged remote attackers to upload files to arbitrary locations on the device.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Remediation

Users are advised to update to version 2.2.0 or later. Schedule the update during the next maintenance window.

Added: Nov 18, 2025, 11:19 AM

Updated: Nov 18, 2025, 2:44 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

METZ CONNECT EWIO2 Series Remote Code Execution Vulnerability via Unrestricted File Upload

Vulnerability

Impact

Remediation

Affected Products

METZ CONNECT Energy-Controlling EWIO2-M

METZ CONNECT Energy-Controlling EWIO2-M-BM

METZ CONNECT Ethernet-IO EWIO2-BM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating