Improper Resource Shutdown or Release vulnerability in Multiple Products
Monitor · 5.3 · SEVD-2026-069-01 · Mar 10, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Improper resource cleanup in Schneider Electric Modicon Controllers M241, M251, and M262 allows an attacker to trigger a denial of service condition. When an attacker sends a malformed network request to a vulnerable controller, the device fails to properly release memory or connection resources, eventually becoming unresponsive. The controller must be manually rebooted to restore operation. The vulnerability affects M241 and M251 running firmware below 5.4.13.12, and M262 running firmware below 5.4.10.12.
What this means
What could happen
An attacker could cause the Modicon Controller to become unresponsive, interrupting whatever automation process it controls (motor drives, compressors, pumps, or sequence logic). The controller would need to be manually rebooted to restore operations.
Who's at risk
Organizations operating Schneider Electric Modicon Controller M241, M251, or M262 units in manufacturing, utilities, and energy facilities. These PLCs are commonly used to automate pumps, motors, compressors, conveyors, and other critical equipment in water treatment, power generation, and industrial processes.
How it could be exploited
An attacker on the network sends a specially crafted message to the controller on its native communication port (likely Modbus TCP port 502 or proprietary Schneider protocol). The malformed request triggers improper resource cleanup, exhausting available memory or connections until the controller can no longer respond to legitimate commands.
Prerequisites
- Network access to the Modicon controller on its communication port (Modbus TCP or Ethernet)
- No authentication required to send the malicious message
- Controller must be running a vulnerable firmware version
remotely exploitable · no authentication required · low complexity · affects industrial process availability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Modicon Controller M241 | < 5.4.13.12 | 5.4.13.12 |
| Modicon Controller M251 | < 5.4.13.12 | 5.4.13.12 |
| Modicon Controller M262 | < 5.4.10.12 | 5.4.10.12 |
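An added example, not part of the advisory or of Schneider Electric's tooling: a Python check that classifies an asset inventory against the fixed versions listed above. The CSV layout, asset names and sample firmware strings are constructed, and it assumes firmware versions are reported as four dotted numeric fields.

```python
import csv
import io

# Fixed firmware versions, taken from the advisory's affected-products table.
FIXED = {
    "M241": (5, 4, 13, 12),
    "M251": (5, 4, 13, 12),
    "M262": (5, 4, 10, 12),
}

def parse_version(text):
    """Turn '5.4.9.20' into (5, 4, 9, 20); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware version format: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # model is not named in this advisory
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unparsed"  # needs a manual check; never assume it is patched
    # Tuple comparison is numeric per field, so 5.4.9.20 < 5.4.10.12.
    # Comparing the raw strings would rank 5.4.9.20 above 5.4.10.12.
    return "vulnerable" if current < fixed else "fixed"

def audit(inventory_csv):
    """Map asset name to status for a CSV with asset,model,firmware columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["asset"]: classify(row["model"], row["firmware"]) for row in reader}

# Constructed sample inventory (asset names and versions are made up).
SAMPLE = """asset,model,firmware
pump-plc-01,M241,5.4.13.12
pump-plc-02,M251,5.4.9.20
conveyor-plc-01,M262,5.4.9.20
conveyor-plc-02,M262,5.4.10.12
mixer-plc-01,M262,unknown
hmi-01,M340,3.20
"""

if __name__ == "__main__":
    for asset, status in audit(SAMPLE).items():
        print(f"{asset:16} {status}")
```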
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Modicon controllers by implementing firewall rules to block unauthenticated traffic to communication ports from untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Modicon M241 to firmware version 5.4.13.12 via EcoStruxure Machine Expert v2.5.0.1 and reboot the controller
HOTFIX: Update Modicon M251 to firmware version 5.4.13.12 via EcoStruxure Machine Expert v2.5.0.1 and reboot the controller
HOTFIX: Update Modicon M262 to firmware version 5.4.10.12 via EcoStruxure Machine Expert v2.5 and reboot the controller
Long-term hardening
HARDENING: Segment Modicon controllers onto a dedicated, isolated automation network separate from corporate IT and the internet
CVEs (1)