Denial-of-Service Risk in Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP Module
CVE-2026-1875

8.7HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-f Series Fx5-eip Ethernet/ip Module Fx5-eip
Vendor
CVE Published:
3 March 2026

What is CVE-2026-1875?

A vulnerability exists in the Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module that allows remote attackers to execute a denial-of-service (DoS) attack by sending an excessive number of UDP packets. This excessive traffic can lead to system instability, requiring a manual reset to recover the affected products. This issue poses a significant risk to the availability and reliability of industrial control systems utilizing these modules.

Affected Version(s)

MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP All versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU93286687/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-6...
government-resource

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.