Description
Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.
Published: 2026-06-19
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mitsubishi Electric’s MELSEC iQ-F Series FX5-EIP EtherNet/IP module suffers from an integer overflow or wraparound in its EtherNet/IP function, allowing a remote attacker to trigger a denial‑of‑service by rapidly opening a large number of TCP connections. The overflow causes an inconsistency in the module’s internal connection management and leads to improper memory access, interrupting normal operation without compromising confidentiality or integrity.

Affected Systems

The flaw affects Mitsubishi Electric MELSEC iQ‑F Series FX5‑EIP EtherNet/IP Module FX5‑EIP, versions 1.000 and earlier. The vulnerability is specific to this product line and version family.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. Attacks are likely conducted remotely over the network by a malicious actor with no local or administrative privileges, leveraging the EtherNet/IP protocol to flood the module with connections. Once the integer overflows, the device experiences a service outage due to improper memory handling.

Generated by OpenCVE AI on June 19, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s firmware or software update that addresses the integer overflow issue.
  • Restrict network access to the module by limiting the number of concurrent TCP connections and enforcing strict firewall rules.
  • Disable unused EtherNet/IP services or segments to reduce the attack surface.
  • Implement monitoring for abnormal connection patterns and maintain network segmentation to isolate the device from critical control traffic.

Generated by OpenCVE AI on June 19, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Mitsubishi Electric
Mitsubishi Electric melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip
Vendors & Products Mitsubishi Electric
Mitsubishi Electric melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip

Mon, 22 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 19 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Description Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.
Title Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module
Weaknesses CWE-190
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Mitsubishi Electric Melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip
cve-icon MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published:

Updated: 2026-06-22T14:50:21.057Z

Reserved: 2026-05-18T05:51:43.565Z

Link: CVE-2026-8805

cve-icon Vulnrichment

Updated: 2026-06-22T14:50:17.654Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T20:30:04Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound