Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-02.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability may risk a Cross-site Scripting or an open redirect attack which could result in an account takeover scenario or the execution of code in the user browser. /strong /p p The following versions of Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 are affected: /p ul li Modicon M241 versions prior to 5.4.13.12 Modicon_Controller_M241 /li li Modicon M251 versions prior to 5.4.13.12 Modicon_Controller_M251 /li li Modicon Controllers M258 all firmware versions Modicon_Controllers_M258 /li li Modicon Controllers LMC058 all firmware versions Modicon_Controllers_LMC058 /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 5.4 /td td Schneider Electric /td td Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 /td td Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities, Critical Manufacturing, Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong France /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-13902 /a /h3 div class= csaf-accordion-content p CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim's browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-13902 View CVE Details /a /p hr h4 Affected Products /h4 h5 Schneider Electric Modicon Controllers M241, M251, M258, and LMC058 /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Schneider Electric /div div class= ics-version strong Product Version: /strong br Schneider Electric Modicon M241 versions prior to 5.4.13.12: Modicon_Controller_M241, Schneider Electric Modicon M251 versions prior to 5.4.13.12: Modicon_Controller_M251, Schneider Electric Modicon Controllers M258 all firmware versions: Modicon_Controllers_M258, Schneider Electric Modicon Controllers LMC058 all firmware versions: Modicon_Controllers_LMC058 /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class=
Sign in to read the full article
Create a free account to access all news, downloads, and community features
Originally published by CISA
Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-02
This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.