To ensure system security, it is mandatory to update Ewon devices to the latest available firmware during installation.
Firmware version 23.0 has been specifically developed to comply with the new cybersecurity requirements of the Radio Equipment Directive (RED), effective August 1, 2025.
In addition to firmware updates, you must:
These measures are essential to maintain the cybersecurity integrity of your installation.
The Ewon FTP server is now disabled by default (factory settings and after reset).
It can be enabled on VPN and/or LAN interfaces via the advanced parameter ‘ClosedDevice’.
Example values are provided; see (link) for details
| ClosedDevice Value | |
| Close FTP server on LAN, WAN & VPN | 21 |
| Close FTP server on LAN & VPN | 17 |
| Close FTP server on LAN | 1 |
| Close FTP server on VPN | 16 |
The parameter can be set using the Tabular edition feature, under Setup > System > Storage > Tabular edition > Edit COM cfg
The Ewon NTP server is disabled by default. To use the Ewon as an NTP relay, the NTP server must be manually enabled in Setup > System > Main > Net Services > NTP server
USB over IP allows access to a USB device via a Talk2m connection, appearing locally in eCatcher. To use this feature, it must be manually enabled in Setup > System > Communication > General > USBIP
When enabling, the default Log Level and Start Port values can be kept.
Note: A shortcut to the USBIP setup page is available on the Cosy+ summary page under the Gateway Status section.
The Ewon HTTP server, used to display the web configuration pages, is no longer accessible via the WAN interface.
The SMTP client, used to send email or SMS notifications (via digital inputs), now works only through the VPN interface using the Talk2m mail relay.
Using a custom SMTP server is no longer supported.
Previously, the Profinet Explorer started scanning automatically when the page was opened. Now, the scan must be manually triggered using the Refresh button.
Path: Setup > System > Main > Net services > Profinet Explorer
The DynDNS (dynamic DNS) feature has been removed from the Ewon device.
The Ewon device now logs successful and failed login attempts across all its various configuration interfaces (Web server, EBD, FTP server, etc.)
Example EventLog messages:
| Time | Event | Description | Originator |
| 15/06/2025 23:10 | -21305 | eftp-Open FTP session (User: Adm) | Ftps |
| 15/06/2025 23:13 | -28611 | secu-Authentication failure (From FTP server) | ftps |
| 15/06/2025 22:51 | -28611 | secu-Authentication failure (From WEB server) | http |
| 15/06/2025 22:51 | -21020 | east-User has logged into the device web interface (adm) | http |
Logging has been added to track the configuration and usage of privacy assets (e.g., email and SMS). The log records when values are configured and when they are used.
Example EventLog messages:
| Time | Event | Description | Originator |
| 15/06/2025 22:22 | 1073788325 | cfgw-The COM configuration has been modified | http |
| 15/06/2025 22:23 | -34559 | ecfg-Default Admin password has been changed | http |
| 15/06/2025 23:18 | -34560 | ecfg-Privacy parameter of the COM configuration has been changed (DI1AlarmEmailRecipients) | http |
| 15/06/2025 23:18 | 1073780230 | di-WAN connection PREVENTED by digital input change | http |
| 15/06/2025 23:21 | 1073780233 | di-Sending email(s) to configured address(es) due to digital input event (1) | esyncitf |
| 15/06/2025 23:24 | 1073780234 | di-Sending short message(s) to configured phone number(s) due to digital input event (2) | esyncitf |
A persistent Privacy Asset Log (PAL) has been implemented to comply with RED requirements, ensuring PrivacyAssetEvent logs are retained after a reboot.
A new Export Block descriptor (EBD), dtPAL, allows downloading all log entries in a single file without deleting them.
EBD syntaxe Example: http://#deviceIP#/rcgi.bin/ParamForm?AST_Param=$dtPAL$fnLogText.txt
PAL log content example :
2025-05-27 12:19:18;1342215689;di-Sending email(s) to configured address(es) due to digital input event (1)
2025-05-27 12:04:23;-268470016;ecfg-Privacy parameter of the COM configuration has been changed (DI2AlarmSMSRecipients)
Note: The PAL stores events in three rotating log files located in /usr/PALog/, each up to 0.3 MB. Older files are automatically deleted to maintain storage limits.
The FTP server is disabled by default and needs to be enabled first via the GUI (tabular editor). If enabled on the LAN interface, it needs to be disabled after use unless physical and LAN access are secured.
Alternatively, configuration via USB stick can be used.
Backup and restore via eBuddy use the FTP server, which needs to be enabled first through the GUI. If enabled on the LAN interface, the FTP server needs to be disabled after use unless physical and LAN access are secured.
As the USB over IP feature is disabled by default, you must first enable it on the Ewon device before you can remotely access the connected USB device.
A shortcut to the USB over IP setup page is available on the Cosy+ summary page, under the Gateway Status section.
