CVE-2025-13901

Summary

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon M241/M251Versions prior to 5.4.13.12affected
Schneider ElectricModicon M262Versions prior to 5.4.10.12affected

Weaknesses

  • CWE-404: CWE-404 Improper Resource Shutdown or Release

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References