Integer Overflow Vulnerability in Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP Module
CVE-2026-8805

8.7HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Mitsubishi Electric Melsec Iq-f Series Fx5-eip Ethernet/ip Module Fx5-eip
Vendor
CVE Published:
19 June 2026

What is CVE-2026-8805?

The vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-EIP EtherNet/IP module allows a remote attacker to exploit an integer overflow condition. By overwhelming the device with a rapid succession of TCP connection requests, the attacker can disrupt the internal connection management processes, potentially leading to a denial-of-service effect. This flaw impacts versions 1.000 and prior, where improper memory access can occur, significantly affecting the device's operational stability.

Affected Version(s)

Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU97140216/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...
government-resource

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.