Schneider Electric Modicon M241, M251, and M262

MonitorCVSS 5.3ICS-CERT ICSA-26-078-01Mar 10, 2026

Schneider ElectricEnergyManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in Schneider Electric Modicon M241, M251, and M262 controllers due to improper resource shutdown or release. An attacker can trigger abnormal termination of the controller process, causing a denial of service. The vulnerability affects M241 and M251 controllers with firmware versions before 5.4.13.12, and M262 controllers with firmware versions before 5.4.10.12.

What this means

What could happen

An attacker could crash a Modicon controller, stopping production lines or critical manufacturing processes until the device is manually restarted. This could disrupt operations for hours, affecting equipment dependent on these controllers for commands or monitoring.

Who's at risk

This advisory affects manufacturing and energy organizations that operate Schneider Electric Modicon M241, M251, or M262 programmable logic controllers (PLCs). These controllers are commonly used to control production lines, pump stations, motor drives, and other critical industrial equipment in factories, water systems, and power plants.

How it could be exploited

An attacker with network access to the controller could send a malformed message or trigger a specific input condition that causes the controller process to terminate abnormally. The attack requires only network connectivity to the device; no credentials or interaction with operators is needed.

Prerequisites

Network access to the Modicon controller port (typically port 502 for Modbus TCP or port 44818 for Ethernet/IP)
No authentication required

remotely exploitableno authentication requiredlow complexityaffects manufacturing and energy control systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

Modicon Controller M241< 5.4.13.125.4.13.12

Modicon Controller M251< 5.4.13.125.4.13.12

Modicon Controller M262< 5.4.10.125.4.10.12

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDRestrict network access to controller ports by filtering traffic through the embedded controller firewall or upstream network firewall; allow only trusted engineering workstations and SCADA servers

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Modicon M241 controller firmware to version 5.4.13.12 or later using EcoStruxure Machine Expert v2.5.0.1

HOTFIXUpdate Modicon M251 controller firmware to version 5.4.13.12 or later using EcoStruxure Machine Expert v2.5.0.1

HOTFIXUpdate Modicon M262 controller firmware to version 5.4.10.12 or later using EcoStruxure Machine Expert v2.5

Long-term hardening

0/3

HARDENINGSegment controllers into a protected industrial network isolated from untrusted networks and the public internet

HARDENINGEnable encrypted communication links for all remote access to controllers

HARDENINGDeploy VPN tunnels for any remote access to controllers from outside the protected network

CVEs (1)

CVE-2025-13901

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c7adf110-5d64-41a0-96fc-49a589351032

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.