Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module
Plan Patch | CVSS 7.5 | ICS-CERT ICSA-26-062-01 | Mar 3, 2026
Mitsubishi Electric | Energy
Attack path
- Attack Vector: Network
- Auth Required: None
- Complexity: Low
- User Interaction: None needed
Summary
The MELSEC iQ-F Series FX5-ENET/IP Ethernet Module and FX5-EIP EtherNet/IP Module contain a vulnerability that allows a remote attacker to cause a denial-of-service condition by sending specially crafted UDP packets. The module does not properly validate or limit incoming UDP traffic, causing it to become unresponsive and severing network communication with the PLC. The FX5-ENET/IP has been patched in version 1.107 or later. The FX5-EIP has no patch planned and remains vulnerable in all versions.
What this means
What could happen
An attacker can send crafted UDP packets to crash the EtherNet/IP or Ethernet modules, causing the PLC to lose network communication and stop responding to commands or monitoring instructions.
Who's at risk
Water authorities and electric utilities operating Mitsubishi Electric MELSEC iQ-F Series PLCs with FX5-ENET/IP or FX5-EIP modules should be concerned. These modules provide network connectivity for remote monitoring and control; if they become unavailable due to a denial-of-service attack, operators lose visibility and command capability over process equipment.
How it could be exploited
An attacker with network access to the EtherNet/IP or Ethernet module can send a continuous stream of malformed UDP packets. The module fails to properly validate or rate-limit these packets, exhausting memory or processor resources until the module becomes unresponsive and communication with the PLC is lost.
Prerequisites
- Network access to UDP port on the affected module
- Module must be reachable from an untrusted network segment
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score (7.5)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (3)
2 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (FX5-ENET/IP: vers:all/*) | All versions | 1.107+ |
| MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (FX5-ENET/IP: <=1.106) | ≤ 1.106 | 1.107+ |
| MELSEC iQ-F Series FX5-EIP EtherNet/IP Module (FX5-EIP: vers:all/*) | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the EtherNet/IP and Ethernet modules using firewall rules to only allow traffic from authorized engineering workstations and SCADA systems
- WORKAROUND: Disable direct inbound UDP access from untrusted networks to the affected modules if they do not need to accept unsolicited remote connections
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update FX5-ENET/IP modules to firmware version 1.107 or later
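
One way to check the HARDENING rule above against flow data, shown as an added example that is not part of the advisory or any vendor tooling. The module addresses, allowlist, record layout and packet-rate threshold are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed site values (placeholders, not taken from the advisory).
MODULES = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
ALLOWED = [ipaddress.ip_network("10.20.1.0/28")]  # engineering workstations / SCADA
RATE_LIMIT = 500  # assumed max UDP packets per source, per module, per minute

# Constructed flow records: "epoch_seconds src dst proto packets"
SAMPLE_FLOWS = """\
1700000040 10.20.1.5 10.20.0.11 udp 40
1700000041 192.0.2.44 10.20.0.11 udp 3
1700000042 10.20.1.5 10.20.0.11 tcp 900
1700000050 10.20.1.7 10.20.0.12 udp 450
1700000070 10.20.1.7 10.20.0.12 udp 300
1700000100 10.20.1.7 10.20.0.12 udp 100
1700000101 10.20.1.9 10.30.0.1 udp 9999
"""

def audit(flow_text):
    """Return sorted (reason, src, dst) findings for UDP flows reaching the modules."""
    per_minute = defaultdict(int)
    findings = set()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        ts, src, dst, proto, pkts = fields
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto.lower() != "udp" or dst not in MODULES:
            continue  # only UDP toward the affected modules is in scope
        if not any(src in net for net in ALLOWED):
            # The firewall rule should have dropped this flow.
            findings.add(("unauthorized-source", str(src), str(dst)))
            continue
        # Allowed sources are still checked for abnormal UDP volume.
        bucket = (src, dst, int(ts) // 60)
        per_minute[bucket] += int(pkts)
        if per_minute[bucket] > RATE_LIMIT:
            findings.add(("udp-rate-exceeded", str(src), str(dst)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```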