Modicon Controllers M241/M251/M258/LMC058
Plan Patch7.5SEVD-2025-133-01May 13, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 contain a vulnerability (CWE-610) that allows unauthenticated read access to arbitrary files on the controller. This could expose confidential data, configuration files, or operational parameters stored on the device. The vulnerability affects controllers running firmware versions prior to 5.3.12.48 (M241/M251) or 5.0.4.19 (M258/LMC058).
What this means
What could happen
An attacker with network access to a vulnerable controller could read sensitive files and extract confidential data such as proprietary logic, credentials, or configuration settings without authentication. This disclosure alone does not directly stop operations but could enable further attacks if credentials or system details are exposed.
Who's at risk
Energy utilities and manufacturing plants using Schneider Electric Modicon Controllers M241, M251, M258, or LMC058 as programmable logic controllers for process automation should prioritize patching. These devices control machinery and industrial processes; exposure of their configuration or credentials could compromise plant security and enable further attacks on production systems.
How it could be exploited
An attacker sends a crafted request to the controller over the network to request arbitrary files. The vulnerable controller fails to authenticate the request and returns the file contents. No special privileges, credentials, or user interaction are required.
Prerequisites
- Network connectivity to the controller's IP address and port where the file service is accessible
- No authentication credentials needed
remotely exploitableno authentication requiredlow complexityaffects manufacturing and energy sector automation
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
Modicon Controllers M241<5.3.12.485.3.12.48
Modicon Controllers M251<5.3.12.485.3.12.48
Modicon Controllers M258<5.0.4.195.0.4.19
Modicon Controllers LMC058<5.0.4.195.0.4.19
Remediation & Mitigation
0/4
Do now
0/2HARDENINGRestrict network access to the controllers using firewall rules or industrial network segmentation to limit which systems can reach the vulnerable file service ports
HARDENINGAudit controller access logs and review which files may have been accessed to assess if credentials or sensitive configuration have been exposed
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate Modicon M241 and M251 controllers to firmware version 5.3.12.48 using EcoStruxure™ Automation Expert - Motion V24.1 or EcoStruxure™ Machine Expert V2.3 Controller Assistant feature, followed by controller reboot
HOTFIXUpdate Modicon M258 and LMC058 controllers to firmware version 5.0.4.19 using EcoStruxure™ Machine Expert Controller Assistant feature, followed by controller reboot
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/ecfb7947-2714-45e3-b677-a4551f1fcd8b