PatchSiren cyber security CVE debrief
CVE-2025-13901 Schneider Electric CVE debrief
CVE-2025-13901 is an unauthenticated, network-reachable denial-of-service issue in Schneider Electric Modicon M241, M251, and M262 systems. According to the advisory, a malicious payload can occupy active communication channels in the Machine Expert protocol, leading to partial loss of availability. Schneider Electric and CISA list fixed firmware builds and recommend both software updates and network hardening measures.
- Vendor: Schneider Electric
- Product: Modicon M241 (M251 and M262 are also affected; see technical summary)
- CVSS: 5.3 (MEDIUM)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-19
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-19
Who should care
OT and ICS operators using Schneider Electric Modicon M241, M251, or M262 controllers; engineering workstation administrators running EcoStruxure Machine Expert; plant security teams responsible for segmentation, remote access, and controller patching.
Technical summary
The source advisory classifies the issue as CWE-404 (improper resource shutdown or release): an unauthenticated attacker can send crafted network payloads that tie up active Machine Expert protocol channels on the controller, and those channels are not released, so legitimate engineering connections are starved. The impact is limited to availability and is described as partial denial of service. The advisory states that the issue affects Modicon M241 firmware versions prior to 5.4.13.12, Modicon M251 firmware versions prior to 5.4.13.12, and Modicon M262 firmware versions prior to 5.4.10.12. Remediation is the updated controller firmware at those versions, together with EcoStruxure Machine Expert v2.5.0.1 on the engineering workstation.
Defensive priority
Medium. The issue is unauthenticated and network-based, which raises operational urgency in exposed OT environments, but the documented impact is partial availability loss rather than code execution or full device compromise. The advisory does not say whether control logic keeps executing while the channels are occupied, so plan for the possibility that engineering access to an affected controller is lost until it is rebooted.
Recommended defensive actions
- Upgrade Modicon M241 controllers to firmware 5.4.13.12 or later and reboot as directed by Schneider Electric.
- Upgrade Modicon M251 controllers to firmware 5.4.13.12 or later and reboot as directed by Schneider Electric.
- Upgrade Modicon M262 controllers to firmware 5.4.10.12 or later and reboot as directed by Schneider Electric.
- Install EcoStruxure Machine Expert v2.5.0.1 on engineering workstations using the Schneider Electric Software Installer.
- If immediate patching is not possible, restrict controller exposure to trusted networks only and avoid public internet or untrusted network access.
- Where the controller model offers an embedded firewall, use it to restrict which source IP addresses and ports can reach the Machine Expert protocol.
- Use encrypted communication links and VPN tunnels for any required remote access.
- Follow Schneider Electric hardening guidance for EcoStruxure Machine Expert, Modicon, and PacDrive controllers and associated equipment.
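The three upgrade actions above reduce to one check per controller: is the running firmware below the fixed build for that model? The script below is an added example (not Schneider Electric or CISA code) that applies the advisory's thresholds to an asset-inventory export. The inventory rows and their column names (asset, model, firmware) are constructed for illustration. Versions are compared as integer tuples rather than strings, because a plain string comparison would rank "5.4.13.2" above "5.4.13.12" and mark a vulnerable controller as fixed; rows with an unknown model or an unparseable version are routed to a review bucket instead of being silently dropped.

```python
"""Triage Modicon M241/M251/M262 firmware against the fixed builds named in
SEVD-2026-069-01 / ICSA-26-078-01 for CVE-2025-13901.

Added example, not vendor code. SAMPLE_INVENTORY is constructed data and the
column names are assumptions about an asset-inventory export.
"""
import csv
import io

# Minimum firmware build containing the fix, per the advisory, keyed by model.
FIXED_FIRMWARE = {
    "M241": (5, 4, 13, 12),
    "M251": (5, 4, 13, 12),
    "M262": (5, 4, 10, 12),
}

# Constructed sample export; not real plant data.
SAMPLE_INVENTORY = """asset,model,firmware
plc-line1,M241,5.4.9.45
plc-line2,M241,5.4.13.12
plc-pack1,M251,5.4.13.2
plc-cell7,M262,5.4.10.12
plc-cell8,m262,5.4.8.20
io-rack3,OTHER,1.0.0
"""


def parse_version(text):
    """Turn a dotted firmware string such as '5.4.9.45' into a tuple of ints.

    Anything that is not purely dotted digits is rejected so a malformed
    entry is flagged for manual review rather than compared as 'fixed'.
    A shorter version (e.g. '5.4') compares as older than '5.4.13.12',
    which errs on the side of reporting it as vulnerable.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(model, firmware):
    """True when the controller runs firmware below the fixed build for its model."""
    key = model.strip().upper()
    if key not in FIXED_FIRMWARE:
        raise KeyError(f"model not covered by this advisory: {model!r}")
    return parse_version(firmware) < FIXED_FIRMWARE[key]


def triage_inventory(csv_text):
    """Sort each inventory row into 'vulnerable', 'fixed' or 'review'.

    Rows whose model is outside the advisory, or whose version cannot be
    parsed, land in 'review' so they are not lost from the remediation list.
    """
    results = {"vulnerable": [], "fixed": [], "review": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            bucket = "vulnerable" if is_vulnerable(row["model"], row["firmware"]) else "fixed"
        except (KeyError, ValueError):
            bucket = "review"
        results[bucket].append(row.get("asset", "?"))
    return results


if __name__ == "__main__":
    for bucket, assets in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(assets) or '-'}")
```

Feed the script your own export with the same three columns; anything in the review bucket needs a human to confirm the model and the exact firmware string before the controller is declared patched.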
Evidence notes
This debrief is based on the CISA CSAF republishing of Schneider Electric advisory SEVD-2026-069-01 for ICSA-26-078-01, published 2026-03-10 and modified 2026-03-19. The source states that an unauthenticated attacker can send malicious payloads to occupy active communication channels and cause partial denial of service on the Machine Expert protocol. The advisory lists remediation for specific fixed firmware versions and includes mitigation guidance for limiting network exposure. The corpus contains no KEV entry and no ransomware-campaign attribution.
Official resources
- CVE-2025-13901 CVE record (CVE.org)
- CVE-2025-13901 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed via Schneider Electric advisory SEVD-2026-069-01 and CISA advisory ICSA-26-078-01 on 2026-03-10, with a CISA republication/update on 2026-03-19. No KEV listing is present in the supplied corpus.