CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13902

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 30.9%

CVSS Severity

CVSS v3 Score 5.4

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-02.pdf

Products affected by CVE-2025-13902

Schneider-Electric » Modicon Lmc058 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_lmc058:-
Schneider-Electric » Modicon M241 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m241:-
Schneider-Electric » Modicon M251 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m251:-
Schneider-Electric » Modicon M258 » Version: N/A

cpe:2.3:h:schneider-electric:modicon_m258:-
Schneider-Electric » Modicon Lmc058 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_lmc058_firmware:-
Schneider-Electric » Modicon M241 Firmware » Version: Any

cpe:2.3:o:schneider-electric:modicon_m241_firmware:*
Schneider-Electric » Modicon M251 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_m251_firmware:-
Schneider-Electric » Modicon M251 Firmware » Version: 4.0.3.20

cpe:2.3:o:schneider-electric:modicon_m251_firmware:4.0.3.20
Schneider-Electric » Modicon M251 Firmware » Version: 5.1.9.1

cpe:2.3:o:schneider-electric:modicon_m251_firmware:5.1.9.1
Schneider-Electric » Modicon M258 Firmware » Version: N/A

cpe:2.3:o:schneider-electric:modicon_m258_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13902

Products

Pricing

Contact Us