Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module
Plan Patch · 7.5 · ICS-CERT ICSA-26-062-01 · Mar 3, 2026
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The MELSEC iQ-F Series Ethernet modules (FX5-ENET/IP and FX5-EIP) contain improper input validation flaws (CWE-670, CWE-404) that allow remote attackers to cause a denial-of-service condition. By sending continuous UDP packets to the Ethernet module, an attacker can exhaust module resources, causing it to become unresponsive. The modules fail to properly validate or rate-limit incoming UDP traffic before processing.
What this means
What could happen
An attacker can send specially crafted UDP packets to crash or freeze the Ethernet module, causing the PLC to become unresponsive and disrupting any automated processes it controls (pumping, power distribution, valve operation, etc.).
Who's at risk
Water utilities and electric utilities using Mitsubishi Electric MELSEC iQ-F Series programmable logic controllers (PLCs) with FX5-ENET/IP or FX5-EIP Ethernet modules for remote communications. The modules are commonly used in SCADA systems for water pumping, power distribution automation, and industrial processes.
How it could be exploited
An attacker with network access to the Ethernet module sends a continuous stream of UDP packets. The module fails to properly handle these packets, consuming resources until the device becomes unresponsive and stops communicating with the PLC and connected systems.
Prerequisites
- Network access to the Ethernet module on the UDP port it listens on
- No authentication required
- The Ethernet module must be connected to a network reachable from the attacker
remotely exploitable · no authentication required · low complexity · no patch available for FX5-EIP (all versions) · affects industrial control systems · UDP-based attack requires no special tools
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (3)
2 with fix · 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP: vers:all/* | All versions | 1.107 or later |
| MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP: <=1.106 | ≤ 1.106 | 1.107 or later |
| MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP: vers:all/* | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation and firewall rules to restrict UDP access to the Ethernet module from untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update FX5-ENET/IP module firmware to version 1.107 or later (available from Mitsubishi Electric download portal)
Mitigations - no patch available
MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor network traffic to the Ethernet module for unusual UDP packet patterns
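One way to implement the traffic monitoring named in the compensating controls, as an added example that is not part of the advisory or vendor guidance: a detector that flags a source sending a sustained high rate of UDP packets to the module while ignoring normal polling and short bursts. The module address, the packet-record format, and the threshold and sustain values are assumptions.

```python
from collections import defaultdict

MODULE_IP = "192.0.2.10"  # placeholder address for the Ethernet module (assumption)

def detect_sustained_udp(packets, module_ip=MODULE_IP, window=1.0,
                         threshold=100, sustain=3):
    """Flag sources sending more than `threshold` UDP packets per `window`
    seconds to `module_ip` for at least `sustain` consecutive windows.

    packets: iterable of (timestamp_seconds, src_ip, dst_ip, proto) tuples.
    threshold and sustain are assumed values; baseline them on the real network.
    """
    counts = defaultdict(lambda: defaultdict(int))  # src -> window index -> packets
    for ts, src, dst, proto in packets:
        if proto == "udp" and dst == module_ip:
            counts[src][int(ts // window)] += 1

    alerts = []
    for src in sorted(counts):
        buckets = counts[src]
        hot = sorted(i for i, n in buckets.items() if n > threshold)
        run = []
        for i in hot + [None]:  # the trailing None flushes the last run
            if run and i is not None and i == run[-1] + 1:
                run.append(i)
                continue
            if len(run) >= sustain:  # a short burst never reaches this length
                alerts.append({"src": src, "start": run[0] * window,
                               "seconds": len(run) * window,
                               "peak_pps": max(buckets[j] for j in run) / window})
            run = [] if i is None else [i]
    return alerts

def sample_capture():
    """Constructed traffic: steady polling, one short burst, one continuous stream."""
    pkts = []
    for s in range(10):  # engineering host polling at 5 packets/s
        pkts += [(s + k / 5, "192.0.2.20", MODULE_IP, "udp") for k in range(5)]
    # one-second burst of 300 packets: above the rate, but not sustained
    pkts += [(2 + k / 500, "192.0.2.30", MODULE_IP, "udp") for k in range(300)]
    for s in range(4, 9):  # five seconds at 400 packets/s from one source
        pkts += [(s + k / 400, "198.51.100.7", MODULE_IP, "udp") for k in range(400)]
    pkts.append((5.0, "198.51.100.7", "192.0.2.99", "udp"))  # other host, ignored
    return pkts

if __name__ == "__main__":
    for alert in detect_sustained_udp(sample_capture()):
        print(alert)
```

Feed it records exported from a span port or flow collector on the PLC network segment; requiring consecutive windows is what separates a continuous stream from a momentary spike.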