Schneider Electric Modicon M241, M251, and M262

Summary

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product.

The following versions of Schneider Electric Modicon M241, M251, and M262 are affected:

  • Modicon M241 versions prior to 5.4.13.12 Modicon_Controller_M241
  • Modicon M251 versions prior to 5.4.13.12 Modicon_Controller_M251
  • Modicon M262 versions prior to 5.4.10.12 Modicon_Controller_M262

  • CVSS: v3 5.3
  • Vendor: Schneider Electric
  • Equipment: Schneider Electric Modicon M241, M251, and M262
  • Vulnerabilities: Improper Resource Shutdown or Release

Background

  • Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: France

Vulnerabilities

CVE-2025-13901

A CWE-404 (Improper Resource Shutdown or Release) vulnerability exists that could cause a partial denial of service on the Machine Expert protocol when an unauthenticated attacker sends a malicious payload to occupy active communication channels.

Affected Products

Schneider Electric Modicon M241, M251, and M262

  • Vendor: Schneider Electric
  • Product Version: Schneider Electric Modicon M241 versions prior to 5.4.13.12: Modicon_Controller_M241, Schneider Electric Modicon M251 versions prior to 5.4.13.12: Modicon_Controller_M251, Schneider Electric Modicon M262 versions prior to 5.4.10.12: Modicon_Controller_M262
  • Product Status: known_affected

Remediations

Mitigation
Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Modicon Controller M241 Firmware version 5.4.13.12, delivered with EcoStruxure™ Machine Expert v2.5.0.1, includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer, available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/.
  • On the engineering workstation, install v2.5.0.1 of EcoStruxure™ Machine Expert. For help, refer to the Schneider Electric Software Installer User Guide, available here: https://www.se.com/ww/en/download/document/EIO0000005500/.
  • Update Modicon Controller M241 to the latest firmware and perform a reboot. For instructions, refer to the Modicon M241 Logic Controller, Programming Guide: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/.

Mitigation
Modicon Controller M251 Firmware version 5.4.13.12 delivered with EcoStruxure™ Machine Expert v2.5.0.1 includes a fix for this vulnerability and can be installed through Schneider Electric Software Installer available here: https://www.se.com/ww/en/download/document/ESEMACS10_INSTALLER/. On the engineering workstation install v2.5

[…]
This article has been indexed from All CISA Advisories