Denial-of-Service Vulnerability in Mitsubishi Electric MELSEC iQ-F Series Ethernet Modules
CVE-2026-1874

8.7HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip
Melsec Iq-f Series Fx5-eip Ethernet/ip Module Fx5-eip
Vendor
CVE Published:
3 March 2026

What is CVE-2026-1874?

Mitsubishi Electric Corporation's MELSEC iQ-F Series Ethernet modules, specifically the FX5-ENET/IP and FX5-EIP models, are susceptible to a denial-of-service condition. This vulnerability allows remote attackers to disrupt the normal function of these devices by sending a continuous flow of UDP packets. Affected individuals must perform a system reset to restore functionality, making this a significant concern for those operating in environments reliant on reliable network communications.

Affected Version(s)

MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP All versions

MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU93286687/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-6...
government-resource

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.