Schneider Electric Modicon M241, M251, and M262
Summary
CISA has issued an alert regarding a Denial-of-Service vulnerability (CVE-2025-13901) in Schneider Electric's Modicon M241, M251, and M262 programmable logic controllers. Successful exploitation could allow an unauthenticated attacker to occupy active communication channels, leading to a partial DoS condition.
IFF Assessment
This vulnerability, if exploited, can disrupt the normal operation of critical industrial control systems, posing a risk to operational continuity.
Severity
Defender Context
This vulnerability impacts Industrial Control Systems (ICS) and Operational Technology (OT) environments, which are critical for sectors like manufacturing and energy. Defenders should prioritize patching or applying mitigations for affected Schneider Electric Modicon controllers to prevent potential service disruptions.