OTPulse

Schneider Electric Modicon Controllers (Update B)

Plan Patch · 7.5 · ICS-CERT ICSA-25-140-08 · May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Unauthenticated file read vulnerability in Schneider Electric Modicon Controllers M241, M251, M258, and LMC058. An attacker could read arbitrary files from the controller without authentication, potentially exposing proprietary configuration data, logic, or other sensitive information stored on the device.

What this means
What could happen
An attacker could read configuration files, control logic, and other sensitive data directly from your PLC without needing credentials. This could expose how your process is controlled and give an attacker the information needed to plan further attacks on your systems.
Who's at risk
Operators and engineers maintaining Modicon M241, M251, M258, and LMC058 PLCs in energy generation/distribution and manufacturing environments. These controllers are used for performance-demanding machine automation and process control applications.
How it could be exploited
An attacker with network access to the Modicon controller can send requests to read arbitrary files from the device storage. Since no authentication is required, the attacker does not need credentials or physical access. The attacker could extract program logic, setpoints, or other operational data to inform further attacks against the plant.
Prerequisites
  • Network access to the Modicon controller on its management or communication port
  • No authentication credentials required
remotely exploitable · no authentication required · low complexity · affects proprietary data confidentiality
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Modicon Controllers M241 | <5.3.12.48 | 5.3.12.48
Modicon Controllers M251 | <5.3.12.48 | 5.3.12.48
Modicon Controllers M258 | <5.0.4.19 | 5.0.4.19
Modicon Controllers LMC058 | <5.0.4.19 | 5.0.4.19
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Modicon controllers using firewall rules to allow only authorized engineering workstations and SCADA systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Modicon M241 firmware to version 5.3.12.48 or later using EcoStruxure Automation Expert - Motion V24.1 or EcoStruxure Machine Expert V2.3
HOTFIX: Update Modicon M251 firmware to version 5.3.12.48 or later using EcoStruxure Automation Expert - Motion V24.1 or EcoStruxure Machine Expert V2.3
HOTFIX: Update Modicon M258 firmware to version 5.0.4.19 or later using EcoStruxure Machine Expert with Controller Assistant
HOTFIX: Update Modicon LMC058 firmware to version 5.0.4.19 or later using EcoStruxure Machine Expert with Controller Assistant
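
An added example (not part of the advisory and not Schneider Electric tooling): triaging an asset inventory against the fixed versions in the affected-products table to decide which controllers need the firmware update. The CSV columns, host names and firmware values are constructed assumptions; versions are compared numerically because a string comparison would rank 5.3.9.10 above 5.3.12.48.

```python
import csv
import io

# Fixed firmware versions per model, taken from the advisory's affected-products table.
FIXED = {
    "M241": (5, 3, 12, 48),
    "M251": (5, 3, 12, 48),
    "M258": (5, 0, 4, 19),
    "LMC058": (5, 0, 4, 19),
}

# Constructed sample inventory; column names, hosts and versions are assumptions.
SAMPLE_INVENTORY = """host,model,firmware
plc-line1,M241,5.3.9.10
plc-line2,M251,5.3.12.48
plc-pack1,M258,5.0.4.11
plc-motion1,LMC058,5.0.4.19
plc-line3,M241,unknown
hmi-01,HMISTU,1.2.0.0
"""


def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints; return None if it is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Return {host: status} for every model listed in the advisory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["model"].strip().upper())
        if fixed is None:
            continue  # model not listed in this advisory
        version = parse_version(row["firmware"])
        if version is None:
            results[row["host"]] = "verify"  # firmware unknown: check on the device
        elif version < fixed:
            results[row["host"]] = "update"  # below the fixed version
        else:
            results[row["host"]] = "fixed"
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "verify" have no usable firmware value in the inventory and should be checked on the device before being counted as patched.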