Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
Summary
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 are affected by a Cross-site Scripting (XSS) vulnerability (CVE-2025-13902). Successful exploitation could lead to account takeover or arbitrary code execution in the user's browser.
IFF Assessment
This vulnerability allows attackers to potentially gain unauthorized access or execute malicious code, posing a direct threat to system integrity and security.
Severity
Defender Context
This alert highlights a critical vulnerability in industrial control systems (ICS) that are deployed worldwide across various critical infrastructure sectors. Defenders should prioritize patching or implementing mitigations for affected Schneider Electric Modicon controllers to prevent potential account takeovers and code execution, which could disrupt operations.