Primary

Context

METZ CONNECT EWIO2 Series Path Traversal Vulnerability Leading to Remote Code Execution

Vulnerability

Patched

A path traversal vulnerability has been identified in METZ CONNECT EWIO2 series devices, specifically in the Energy-Controlling EWIO2-M, EWIO2-M-BM, and Ethernet-IO EWIO2-BM models, all running firmware prior to 2.2.0. This vulnerability allows low-privileged remote attackers to upload new Python scripts or overwrite existing ones, leading to remote code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected device.

Remediation

Users are advised to update to version 2.2.0 or later. Schedule the update during the next maintenance window.

Added: Nov 18, 2025, 11:18 AM

Updated: Nov 18, 2025, 2:43 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

METZ CONNECT EWIO2 Series Path Traversal Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

METZ CONNECT Energy-Controlling EWIO2-M

METZ CONNECT Energy-Controlling EWIO2-M-BM

METZ CONNECT Ethernet-IO EWIO2-BM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating