Schneider Electric Modicon Controllers Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Schneider Electric's Modicon Controllers M241, M251, M258, LMC058, and M262, in releases prior to specific versions. The vulnerability arises from improper input validation: an authenticated malicious user can send HTTPS requests with invalid data types to the web server, potentially causing a service disruption.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing uncontrolled resource consumption and disrupting the normal operation of the affected controller.

Remediation

Users of Modicon Controllers M241 and M251 can upgrade to version 5.3.12.51, while those using Modicon Controllers M262 should upgrade to version 5.3.9.18. For Modicon Controllers M258/LMC058, Schneider Electric is developing a remediation plan for future versions. Until then, users should apply recommended cybersecurity best practices, such as using encrypted communication links, segmenting networks, and deactivating the web server when not needed.

Added: Jun 10, 2025, 9:33 AM
Updated: Jun 10, 2025, 9:33 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.