OTPulse

METZ CONNECT EWIO2

Act Now · CVSS 9.8 · ICS-CERT ICSA-25-322-05 · Nov 18, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A critical authentication bypass in METZ CONNECT EWIO2 series devices (EWIO2-M, EWIO2-M-BM, EWIO2-BM) with firmware <2.2.0 allows unauthenticated attackers with network access to gain full administrative control of the device. The vulnerability exists in the configuration API and bypasses the normal login mechanism. An attacker could change device configurations, manipulate operational data, disrupt energy control services, or render the device non-functional. METZ CONNECT has released firmware version 2.2.0 which addresses this vulnerability. No equivalent workaround provides the same level of protection as the patch.

What this means
What could happen
An attacker can bypass authentication and gain full administrative control of EWIO2 devices without credentials, allowing them to modify energy control configurations, disrupt electrical distribution or generation operations, or render the device non-functional.
Who's at risk
Energy utilities and power distribution operators using METZ CONNECT EWIO2 series devices (EWIO2-M, EWIO2-M-BM, EWIO2-BM) for energy control and remote I/O functions should prioritize patching immediately, as these devices may be critical infrastructure with direct impact on electrical distribution and generation.
How it could be exploited
An attacker with network access to the device connects directly to the EWIO2's management interface and exploits an authentication bypass in the configuration API to obtain administrative privileges without providing valid credentials, then uses those privileges to modify device settings or shut down operations.
Prerequisites
  • Network access to EWIO2 device management interface
  • Vulnerable firmware version <2.2.0 installed
Remotely exploitable · No authentication required · Low complexity attack · Affects critical energy infrastructure · CVSS 9.8 (critical) · Default credentials may apply
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| Energy-Controlling EWIO2-M | <2.2.0 | 2.2.0 |
| Energy-Controlling EWIO2-M-BM | <2.2.0 | 2.2.0 |
| Ethernet-IO EWIO2-BM | <2.2.0 | 2.2.0 |
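
An inventory triage against the affected models and fixed version listed above, as an added example that is not part of the advisory or any METZ CONNECT tooling. The record fields (`host`, `model`, `firmware`) and the sample entries are constructed assumptions about how an asset inventory might be exported.

```python
import re

# From the advisory: affected models and the firmware version that carries the fix.
AFFECTED_MODELS = {"EWIO2-M", "EWIO2-M-BM", "EWIO2-BM"}
FIXED_VERSION = (2, 2, 0)

def parse_version(text):
    """Return a numeric tuple for strings like 'v2.1.9' or '2.2'; None if unparseable."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad '2.2' to (2, 2, 0)
    return tuple(parts)

def triage(inventory):
    """Map each host to 'vulnerable', 'fixed', 'unknown' or 'not-affected'."""
    results = {}
    for asset in inventory:
        model = (asset.get("model") or "").strip().upper()
        if model not in AFFECTED_MODELS:
            status = "not-affected"
        else:
            version = parse_version(asset.get("firmware"))
            if version is None:
                status = "unknown"  # no usable version: verify on the device itself
            elif version < FIXED_VERSION:  # numeric compare, so 2.10.0 > 2.2.0
                status = "vulnerable"
            else:
                status = "fixed"
        results[asset["host"]] = status
    return results

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    {"host": "sub-a-io1", "model": "EWIO2-M", "firmware": "2.1.4"},
    {"host": "sub-a-io2", "model": "EWIO2-M-BM", "firmware": "v2.2.0"},
    {"host": "sub-b-io1", "model": "EWIO2-BM", "firmware": "2.10.0"},
    {"host": "sub-b-io2", "model": "EWIO2-BM", "firmware": None},
    {"host": "sub-c-io1", "model": "ewio2-m", "firmware": "2.1"},
    {"host": "sub-c-plc", "model": "OTHER-IO", "firmware": "1.0"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` belong in the same patch queue as `vulnerable` ones until their firmware version is confirmed.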
Remediation & Mitigation
Do now
HARDENING: Restrict network access to EWIO2 devices by placing them behind firewalls and isolating from business networks and the internet
HARDENING: If remote access is required to EWIO2 devices, implement VPN or other secure remote access methods
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EWIO2-M firmware to version 2.2.0 or later
HOTFIX: Update EWIO2-M-BM firmware to version 2.2.0 or later
HOTFIX: Update EWIO2-BM firmware to version 2.2.0 or later