Description
Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.
Published: 2026-06-19
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mitsubishi Electric’s MELSEC iQ-F Series FX5-EIP EtherNet/IP module suffers from an integer overflow or wraparound in its EtherNet/IP function, allowing a remote attacker to trigger a denial‑of‑service by rapidly opening a large number of TCP connections. The overflow causes an inconsistency in the module’s internal connection management and leads to improper memory access, interrupting normal operation without compromising confidentiality or integrity.

Affected Systems

The flaw affects Mitsubishi Electric MELSEC iQ‑F Series FX5‑EIP EtherNet/IP Module FX5‑EIP, versions 1.000 and earlier. The vulnerability is specific to this product line and version family.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. Attacks are likely conducted remotely over the network by a malicious actor with no local or administrative privileges, leveraging the EtherNet/IP protocol to flood the module with connections. Once the integer overflows, the device experiences a service outage due to improper memory handling.

Generated by OpenCVE AI on June 19, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s firmware or software update that addresses the integer overflow issue when one becomes available.
  • Restrict network access to the module by limiting the number of concurrent TCP connections and enforcing strict firewall rules.
  • Disable unused EtherNet/IP services or segments to reduce the attack surface.
  • Implement monitoring for abnormal connection patterns and maintain network segmentation to isolate the device from critical control traffic.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Description Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.
Title Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module
Weaknesses CWE-190
References
Metrics cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published:

Updated: 2026-06-19T02:26:57.176Z

Reserved: 2026-05-18T05:51:43.565Z

Link: CVE-2026-8805

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T04:30:05Z

Weaknesses
  • CWE-190: Integer Overflow or Wraparound