Improper Resource Shutdown in Machine Expert by Schneider Electric
CVE-2025-13901

6.9MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Modicon M241/m251; Modicon M262
Vendor: CVE Published:; 10 March 2026

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2025-13901?

An improper resource shutdown vulnerability has been identified in Schneider Electric's Machine Expert. This flaw allows an unauthenticated attacker to exploit the system by sending specially crafted payloads, which can occupy active communication channels, potentially causing a partial Denial of Service. Addressing this issue is crucial to maintaining the stability and security of deployed environments.

Affected Version(s)

Modicon M241/M251 Versions prior to 5.4.13.12

Modicon M262 Versions prior to 5.4.10.12

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Dec 2, 2025

CVE-2025-13901 Data

JSON