Mitsubishi Electric MELSEC iQ-F Series
Monitor · CVSS 7.5 · ICS-CERT ICSA-26-169-05 · Jun 18, 2026
Mitsubishi Electric · Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the MELSEC iQ-F Series FX5-EIP EtherNet/IP Module (firmware version 1.000 and earlier) allows a remote attacker to cause a denial-of-service condition by establishing a large number of rapid TCP connections to the module. This causes an inconsistency in the product's internal connection management and triggers improper memory access, potentially crashing the module.
What this means
What could happen
An attacker could flood the EtherNet/IP module with TCP connections, causing memory errors and disabling communication on the PLC module. This could halt process control if the module is critical to network communication or synchronization.
Who's at risk
Any site running Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP modules for plant communication should review this. This includes water utilities, electric utilities, and manufacturing facilities that use Mitsubishi FX5 series PLCs with networked EtherNet/IP modules for real-time process control or remote monitoring.
How it could be exploited
An attacker on the network sends a rapid series of TCP connection requests to the EtherNet/IP module's listening port. The module's connection management fails to properly handle the load, triggering a memory access fault that crashes or destabilizes the module.
Prerequisites
- Network reachability to the EtherNet/IP module TCP port
- No authentication required
remotely exploitable · no authentication required · low complexity · high CVSS (7.5)
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product | Affected Versions | Fix Status
MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP | ≤ 1.000 | Fix available
Remediation & Mitigation
Do now
- WORKAROUND: Configure firewall rules to restrict TCP connections to the EtherNet/IP module from untrusted networks and hosts
- WORKAROUND: Enable the IP filter function on the affected EtherNet/IP module to block connections from unauthorized hosts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update MELSEC iQ-F Series FX5-EIP EtherNet/IP Module to firmware version 1.001 or later
Long-term hardening
- HARDENING: Isolate the MELSEC iQ-F Series PLC and EtherNet/IP module to a dedicated LAN segment; restrict external network access
- HARDENING: If internet access to the PLC network is required, deploy a VPN gateway to control and authenticate remote connections
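Until the firmware update is applied, monitoring can complement the firewall and IP filter workarounds by flagging the kind of rapid connection burst described under "How it could be exploited". The following is an added example, not code from the advisory or from Mitsubishi Electric: it scans connection-log lines for bursts of new TCP connections to the module. The module address, log line format, window, threshold and the use of port 44818/tcp (the standard EtherNet/IP explicit-messaging port, which the advisory does not name) are assumptions.

```python
from collections import defaultdict, deque

# Assumed values (not from the advisory): module address, log format, window,
# threshold. 44818/tcp is the standard EtherNet/IP explicit-messaging port.
MODULE_IP = "192.0.2.50"
EIP_PORT = 44818
WINDOW_S = 1.0   # sliding window, seconds
MAX_NEW = 20     # new connections per window treated as abnormal

def parse(line):
    """Parse 'epoch NEW src=A dst=B dport=N'; return None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "NEW":
        return None
    try:
        kv = dict(p.split("=", 1) for p in parts[2:])
        return float(parts[0]), kv["src"], kv["dst"], int(kv["dport"])
    except (ValueError, KeyError):
        return None

def detect_bursts(lines, window=WINDOW_S, limit=MAX_NEW):
    """Return {source: peak} for each source that opened more than `limit`
    connections to the module inside one window; 'ALL' is the aggregate,
    which catches a burst spread over several sources. Input is time-ordered."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != MODULE_IP or rec[3] != EIP_PORT:
            continue
        ts, src = rec[0], rec[1]
        for key in (src, "ALL"):
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] >= window:   # drop entries older than the window
                q.popleft()
            if len(q) > limit:
                peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample: an HMI connecting once per second, and one host
# opening 40 connections in 0.4 s.
SAMPLE = [f"{1000 + i:.3f} NEW src=192.0.2.10 dst={MODULE_IP} dport={EIP_PORT}" for i in range(5)]
SAMPLE += [f"{1002 + i * 0.01:.3f} NEW src=198.51.100.7 dst={MODULE_IP} dport={EIP_PORT}" for i in range(40)]
SAMPLE.sort(key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for src, peak in detect_bursts(SAMPLE).items():
        print(f"{src}: {peak} new connections to {MODULE_IP}:{EIP_PORT} within {WINDOW_S}s")
```

The threshold should be tuned against the normal connection rate of the scanners and HMIs that legitimately talk to the module.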
CVEs (1)