CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13901

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 37.9%

CVSS Severity

CVSS v3 Score 5.3

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-01.pdf

Products affected by CVE-2025-13901

Schneider-Electric » Modicon M241 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m241:-
Schneider-Electric » Modicon M251 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m251:-
Schneider-Electric » Modicon M262 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m262:-
Schneider-Electric » Modicon M241 Firmware » Version: Any

cpe:2.3:o:schneider-electric:modicon_m241_firmware:*
Schneider-Electric » Modicon M251 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_m251_firmware:-
Schneider-Electric » Modicon M251 Firmware » Version: 4.0.3.20

cpe:2.3:o:schneider-electric:modicon_m251_firmware:4.0.3.20
Schneider-Electric » Modicon M251 Firmware » Version: 5.1.9.1

cpe:2.3:o:schneider-electric:modicon_m251_firmware:5.1.9.1
Schneider-Electric » Modicon M262 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_m262_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13901

Products

Pricing

Contact Us