Description
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.
Published: 2026-06-19
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a remote attacker to trigger a DoS by sending a large burst of packets to the FX5-ENET/IP Ethernet port, overwhelming the device’s processing resources. This saturation prevents the internal anomaly‑detection mechanisms from operating and ultimately halts all communication functions. The weakness is a failure to enforce proper resource limits during external traffic handling (CWE‑440).

Affected Systems

Mitsubishi Electric MELSEC iQ‑F Series FX5‑ENET/IP Ethernet Module, all released versions, used in industrial control systems.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, while the EPSS score is not available and the vulnerability is not listed in CISA KEV. The attack vector is remote network access; an attacker only needs to be able to reach the Ethernet interface. No public exploits are documented, but the DoS impact could disrupt critical processes if the device serves as a key controller or network gateway.

Generated by OpenCVE AI on June 19, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Mitsubishi Electric PSIRT‑recommended firmware update for the FX5‑ENET/IP Ethernet module.
  • Configure network firewall or access control lists to restrict the volume of traffic allowed to reach the device’s Ethernet port.
  • Implement rate‑limiting or MAC‑based filtering on the Ethernet interface to mitigate flooding attempts.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 03:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop. |
| Title | | Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module |
| Weaknesses | | CWE-440 |
| References | | |
| Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published:

Updated: 2026-06-19T02:31:04.534Z

Reserved: 2026-05-18T05:52:04.899Z

Link: CVE-2026-8806

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T04:30:05Z

Weaknesses
  • CWE-440: Expected Behavior Violation