OTPulse

Schneider Electric Modicon Controllers (Update A)

MonitorCVSS 6.5ICS-CERT ICSA-25-175-03Jun 10, 2025
Schneider ElectricEnergyManufacturing
Attack path
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Schneider Electric has identified multiple vulnerabilities (CWE-20, CWE-79, CWE-400) in Modicon Controllers M241, M251, M258, M262, and LMC058 that could allow an authenticated attacker to trigger denial of service, cross-site scripting, or uncontrolled resource consumption. These conditions could result in loss of availability of the controller and interruption of process automation. Modicon M241, M251, and M262 have firmware patches available. Modicon M258 and LMC058 models will not receive patches and require network-level mitigations.

What this means
What could happen
An attacker with network access and valid credentials could trigger denial of service conditions on your Modicon controller, causing it to stop responding to legitimate commands and potentially halting process automation or safety functions.
Who's at risk
Energy sector and manufacturing plants using Schneider Electric Modicon Controllers M241, M251, M258, M262, or LMC058 for process automation. Site maintenance and engineering teams who manage these PLCs are responsible for applying updates. Plants with legacy M258 and LMC058 models that cannot be patched need compensating network controls.
How it could be exploited
An attacker with valid engineering credentials could send a crafted network request to the controller that triggers uncontrolled resource consumption or a denial of service condition, interrupting normal PLC operations.
Prerequisites
  • Network access to the controller on its configured communication ports
  • Valid engineering or operator credentials for authentication
Remotely exploitableRequires valid credentialsNo patch available for M258 and LMC058 modelsAffects automation and potentially safety-critical processes
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (5)
3 with fix2 EOL
ProductAffected VersionsFix Status
Modicon Controllers M251<5.3.12.515.3.12.51
Modicon Controllers M262<5.3.9.185.3.9.18
Modicon Controllers M258 All versionsAll versionsNo fix (EOL)
Modicon Controllers LMC058 All versionsAll versionsNo fix (EOL)
Modicon Controllers M241<5.3.12.515.3.12.51
Remediation & Mitigation
0/5
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M241 controllers to firmware version 5.3.12.51 or later using EcoStruxure Automation Expert – Motion v24.1 or EcoStruxure Machine Expert v2.3 Controller Assistant feature, followed by controller reboot.
HOTFIXUpdate Modicon M251 controllers to firmware version 5.3.12.51 or later using EcoStruxure Automation Expert – Motion v24.1 or EcoStruxure Machine Expert v2.3 Controller Assistant feature, followed by controller reboot.
HOTFIXUpdate Modicon M262 controllers to firmware version 5.3.9.18 or later using EcoStruxure Automation Expert – Motion v24.1 or EcoStruxure Machine Expert v2.3 Controller Assistant feature, followed by controller reboot.
Mitigations - no patch available
0/2
The following products have reached End of Life with no planned fix: Modicon Controllers M258 All versions, Modicon Controllers LMC058 All versions. Apply the following compensating controls:
HARDENINGRestrict network access to Modicon M258 and LMC058 controllers to only authorized engineering workstations, as no firmware patch is available for these models.
HARDENINGLimit engineering credential distribution and enforce strong password policies for any accounts used to access Modicon controllers.
View full CISA ICS-CERT advisory
API: /api/v1/advisories/9b865645-f484-41c8-9c16-5c504d27f29f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.