Primary

Context

METZ CONNECT EWIO2 Series PHP Module Source Code Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in METZ CONNECT EWIO2 series devices, specifically in the Energy-Controlling EWIO2-M, EWIO2-M-BM, and Ethernet-IO EWIO2-BM models, all running firmware prior to 2.2.0. Due to a web server misconfiguration, an unauthenticated remote attacker can read the source code of PHP modules on these devices.

Impact

Exploitation of this vulnerability allows for unauthorized access to the source code of PHP modules, which could lead to further attacks or exploitation of the device.

Remediation

Users are advised to update to version 2.2.0 or later. Schedule the update during the next maintenance window.

Added: Nov 18, 2025, 11:17 AM

Updated: Nov 18, 2025, 2:43 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

METZ CONNECT EWIO2 Series PHP Module Source Code Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

METZ CONNECT Energy-Controlling EWIO2-M

METZ CONNECT Energy-Controlling EWIO2-M-BM

METZ CONNECT Ethernet-IO EWIO2-BM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating