Modicon m251 firmware
This hub aggregates every CVE we track for Modicon m251 firmware, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
3
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM4HIGH3CRITICAL3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
0
0
0
2024-082026-07
Latest CVEs
The 10 most recently published vulnerabilities affecting Modicon m251 firmware.
- CVE-2025-13902CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s brows...5.4
- CVE-2025-13901CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to ...5.3
- CVE-2024-6528CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where ...5.4
- CVE-2021-22699Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the co...7.5
- CVE-2020-7488A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 co...7.5
- CVE-2020-7487A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.9.8
- CVE-2019-6820A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a spe...8.2
- CVE-2017-6028An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are ...9.8
- CVE-2017-6026A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to...9.1
- CVE-2017-6030Schneider Electric Modicon PLCs Predictable Value Range from Previous Values6.5
Product normalization is registry-driven with AI assist and human review. How it works