Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module

MonitorCVSS 7.5ICS-CERT ICSA-26-169-06Jun 18, 2026

Mitsubishi ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in the MELSEC iQ-F Series FX5-ENET/IP Ethernet Module affecting all versions. A remote attacker can send a large number of communication packets to the module's Ethernet port, overwhelming the processor and causing the communication function to stop. This prevents the module from processing legitimate traffic and performing its anomaly-detection function. The vulnerability has no planned patch from Mitsubishi Electric. Workarounds include network isolation, firewall rules, and the module's built-in IP filter function.

What this means

What could happen

An attacker could flood the Ethernet module with packets to overwhelm it, causing the communication function to stop and disrupting data exchange between your PLC and other network devices. This could halt remote monitoring, control commands, or inter-device communication depending on your network architecture.

Who's at risk

Energy sector operators, particularly electric utilities and water authorities, who use Mitsubishi Electric MELSEC iQ-F Series FX5 PLCs with FX5-ENET/IP Ethernet modules for SCADA, remote monitoring, or inter-device communication should implement immediate network controls. Any facility relying on this module for critical process communication is at risk if the module is reachable from untrusted networks.

How it could be exploited

An attacker on the network (or the internet if the module is exposed) sends a high volume of packets to the Ethernet port of the FX5-ENET/IP module. The module's CPU becomes overloaded processing these packets, its internal anomaly detection fails, and the communication function stops responding to legitimate traffic.

Prerequisites

Network access to the Ethernet port of the FX5-ENET/IP module
Ability to send high-volume packet traffic to the module's IP address

remotely exploitableno authentication requiredlow complexityno patch availabledenial-of-service condition

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (1)

ProductAffected VersionsFix Status

MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IPAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGDeploy a firewall rule to restrict inbound access to the FX5-ENET/IP module to only trusted hosts and networks; block all untrusted external network traffic to the module's IP address and Ethernet port.

WORKAROUNDEnable and configure the IP filter function on the FX5-ENET/IP module (see section 13.1 of the MELSEC iQ-F FX5 User's Manual - Communication) to explicitly block packets from untrusted hosts and networks.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGRestrict physical access to the FX5-ENET/IP module, the PLC it is connected to, and all network infrastructure (switches, routers) that the module communicates with.

Mitigations - no patch available

0/2

MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGIsolate the FX5-ENET/IP module and its connected PLC to a protected LAN segment; do not expose the module directly to the internet or untrusted networks.

HARDENINGIf internet access to the module is required, route all traffic through a VPN or firewall with rate-limiting and DDoS protection to prevent packet flooding attacks.

CVEs (1)

CVE-2026-8806

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/38401747-4fa5-4eec-8be0-f3adea739e0b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.