CVE-2025-13901

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.

CVSS

No CVSS.

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-01.pdf

Configurations

No configuration.

History

17 Jun 2026, 08:34

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad CWE-404 de cierre o liberación inadecuados de recursos que podría causar una denegación de servicio parcial en el protocolo Machine Expert cuando un atacante no autenticado envía una carga útil maliciosa para ocupar canales de comunicación activos.

10 Mar 2026, 18:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 18:17

Updated : 2026-06-17 08:34

NVD link : CVE-2025-13901

Mitre link : CVE-2025-13901

CVE.ORG link : CVE-2025-13901

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2025-13901", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-13901", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T17:24:36.387715Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cybersecurity@se.com", "affectedData": [{"vendor": "Schneider Electric", "product": "Modicon M241/M251", "versions": [{"status": "affected", "version": "Versions prior to 5.4.13.12"}], "defaultStatus": "unaffected"}, {"vendor": "Schneider Electric", "product": "Modicon M262", "versions": [{"status": "affected", "version": "Versions prior to 5.4.10.12"}], "defaultStatus": "unaffected"}]}], "published": "2026-03-10T18:17:52.063", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-01.pdf", "source": "cybersecurity@se.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels."}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-404 de cierre o liberaci\u00f3n inadecuados de recursos que podr\u00eda causar una denegaci\u00f3n de servicio parcial en el protocolo Machine Expert cuando un atacante no autenticado env\u00eda una carga \u00fatil maliciosa para ocupar canales de comunicaci\u00f3n activos."}], "lastModified": "2026-06-17T08:34:57.043", "sourceIdentifier": "cybersecurity@se.com"}