CVE-2026-1874 PUBLISHED

Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module

Assigner: Mitsubishi
Reserved: 04.02.2026 Published: 03.03.2026 Updated: 03.03.2026

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Mitsubishi Electric Corporation
Product MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
Versions Default: unaffected
  • Version versions 1.106 and prior is affected
Vendor Mitsubishi Electric Corporation
Product MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP
Versions Default: unaffected
  • Version All versions is affected

References

Problem Types

  • CWE-670 Always-Incorrect Control Flow Implementation CWE

Impacts

  • Denial-of-Service