Schneider Electric Modicon M241, M251, and M262
Monitor | 5.3 | ICS-CERT ICSA-26-078-01 | Mar 19, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Improper Resource Shutdown or Release vulnerability (CWE-404) in Modicon M241, M251, and M262 controllers. Successful exploitation could cause a denial-of-service condition on the affected controller. The vulnerability affects M241 firmware versions prior to 5.4.13.12, M251 firmware versions prior to 5.4.13.12, and M262 firmware versions prior to 5.4.10.12. Exploitation requires network access to the controller.
What this means
What could happen
An attacker with network access could cause a denial-of-service condition on the Modicon controller, potentially stopping the PLC from processing normal operations and forcing manual recovery or reboot.
Who's at risk
Energy and manufacturing facilities using Modicon M241, M251, or M262 programmable logic controllers. This includes water treatment plants, power distribution systems, manufacturing automation, and any critical process automation relying on these Schneider Electric controllers for operational continuity.
How it could be exploited
An attacker with network connectivity to the affected Modicon controller sends a crafted request that exploits improper resource shutdown, exhausting controller resources and causing the device to stop responding to normal commands. No credentials or authentication are required.
Prerequisites
- Network access to the Modicon M241, M251, or M262 controller
- No authentication required
Tags: remotely exploitable, no authentication required, low complexity, affects critical process control
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Modicon Controller M241 | < 5.4.13.12 | 5.4.13.12 |
| Modicon Controller M251 | < 5.4.13.12 | 5.4.13.12 |
| Modicon Controller M262 | < 5.4.10.12 | 5.4.10.12 |
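The fixed version differs by model, and dotted firmware strings do not sort correctly as text ("5.4.9.12" compares greater than "5.4.13.12"). The following inventory triage is an added example, not part of the advisory or any Schneider Electric tooling; the CSV column names, host names and sample rows are constructed for illustration.

```python
import csv
import io

# Fixed firmware per model, from the advisory's affected-products table.
FIXED = {
    "M241": (5, 4, 13, 12),
    "M251": (5, 4, 13, 12),
    "M262": (5, 4, 10, 12),
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,model,firmware
plc-line1,M241,5.4.9.12
plc-line2,M251,5.4.13.12
plc-pump1,M262,5.4.10.12
plc-pack1,M241,5.4.10.12
plc-lab1,M221,1.6.2.0
plc-old1,M251,unknown
"""

def parse_version(text):
    """Turn '5.4.9.12' into (5, 4, 9, 12) so each field compares as a number."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each host to 'affected', 'fixed', 'unknown-version' or 'not-in-advisory'."""
    status = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["model"].strip().upper())
        if fixed is None:
            status[row["host"]] = "not-in-advisory"
            continue
        try:
            current = parse_version(row["firmware"])
        except ValueError:
            # Do not guess: an unreadable version needs a manual check.
            status[row["host"]] = "unknown-version"
            continue
        status[row["host"]] = "affected" if current < fixed else "fixed"
    return status

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Note that plc-pack1 runs 5.4.10.12, which is the fixed release for an M262 but still affected on an M241.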
Remediation & Mitigation
Do now
- WORKAROUND: Configure embedded firewall to filter ports and IP addresses
- WORKAROUND: Implement VPN tunnels if remote access to controllers is required
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update Modicon M241 to firmware version 5.4.13.12 via EcoStruxure Machine Expert v2.5.0.1, then reboot the controller
- HOTFIX: Update Modicon M251 to firmware version 5.4.13.12 via EcoStruxure Machine Expert v2.5.0.1, then reboot the controller
- HOTFIX: Update Modicon M262 to firmware version 5.4.10.12 via EcoStruxure Machine Expert v2.5, then reboot the controller
Long-term hardening
- HARDENING: Isolate controllers in a protected environment not accessible from the public internet or untrusted networks
- HARDENING: Use encrypted communication links for all controller communication
- HARDENING: Apply Schneider Electric Cybersecurity Guidelines for EcoStruxure Machine Expert and Modicon Controllers
CVEs (1)