CVE-2025-41734

Name of the Vulnerable Software and Affected Versions METZ CONNECT EWIO2-M versions prior to 2.2.0 METZ CONNECT Ethernet-IO EWIO2-BM versions prior to 2.2.0

Description An unauthenticated remote attacker can execute arbitrary PHP files and gain full access of the affected devices. This allows malicious actors to run malicious scripts without authentication, leading to full control over the device. The vulnerability affects industrial IoT control systems.

Recommendations METZ CONNECT EWIO2-M versions prior to 2.2.0: Update to version 2.2.0 or later. METZ CONNECT Ethernet-IO EWIO2-BM versions prior to 2.2.0: Update to version 2.2.0 or later.