Description
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.
Published: 2026-03-03
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Mitigations
AI Analysis

Impact

Improper resource shutdown or release in the Ethernet function of the MELSEC iQ-F Series FX5-EIP EtherNet/IP Module allows a remote attacker to trigger a DoS condition by persistently sending UDP packets. The vulnerability, classified under CWE‑404, results in the module entering an error state that can only be recovered via a full system reset, effectively making the device unavailable until the reset is performed.

Affected Systems

The affected devices are Mitsubishi Electric Corporation’s MELSEC iQ‑F Series FX5‑EIP EtherNet/IP Modules, specifically the FX5‑EIP component, across all released versions. No other vendors or product lines are listed as impacted.

Risk and Exploitability

The CVSS score of 8.7 denotes a high severity level, while an EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not currently listed in the CISA KEV catalog. The attack vector is inferred to be remote over the network, requiring continuous UDP traffic directed at the module’s IP address; no authentication or special privileges are required. Because the DoS state requires a manual reset, the impact is interrupted operations and potential business downtime.

Generated by OpenCVE AI on April 16, 2026 at 14:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If a vendor patch or firmware update addressing the UDP handling flaw is available, apply it immediately.
  • Configure firewall or access control lists to allow UDP traffic to the FX5‑EIP module only from trusted IP addresses and consider rate limiting to mitigate continuous flooding.
  • Implement monitoring for abnormal UDP traffic patterns and set up an automated or manual reset procedure to restore service when a DoS condition is detected.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Mitsubishi Electric Corporation; Mitsubishi Electric Corporation melsec Iq-f Series Fx5-eip Ethernet/ip Module Fx5-eip |
| Vendors & Products | | Mitsubishi Electric Corporation; Mitsubishi Electric Corporation melsec Iq-f Series Fx5-eip Ethernet/ip Module Fx5-eip |

Wed, 04 Mar 2026 08:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| References | | |

Tue, 03 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Tue, 03 Mar 2026 07:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. |
| Title | | Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module |
| Weaknesses | | CWE-404 |
| References | | |
| Metrics | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published:

Updated: 2026-03-04T08:20:40.379Z

Reserved: 2026-02-04T04:09:48.429Z

Link: CVE-2026-1875

Vulnrichment

Updated: 2026-03-03T14:34:36.518Z

NVD

Status: Awaiting Analysis

Published: 2026-03-03T07:16:10.277

Modified: 2026-03-04T09:15:55.653

Link: CVE-2026-1875

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:15:28Z

Weaknesses