Mitsubishi Electric Melsec Iq F Series Fx5 Eip Ethernet Ip Module Fx5 Eip
Monthly
Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module (versions 1.000 and prior) allows a remote unauthenticated attacker to crash the device by rapidly opening many TCP connections, which trips an integer overflow in the EtherNet/IP connection-management logic and triggers improper memory access. No public exploit identified at time of analysis, but the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a meaningful operational-technology (OT) concern for plants relying on the affected PLC module. Reported by the vendor and tracked in vendor PSIRT advisory 2026-002, JVN VU#97140216, and CISA ICS advisory ICSA-26-169-05.
Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module (versions 1.000 and prior) allows a remote unauthenticated attacker to crash the device by rapidly opening many TCP connections, which trips an integer overflow in the EtherNet/IP connection-management logic and triggers improper memory access. No public exploit identified at time of analysis, but the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a meaningful operational-technology (OT) concern for plants relying on the affected PLC module. Reported by the vendor and tracked in vendor PSIRT advisory 2026-002, JVN VU#97140216, and CISA ICS advisory ICSA-26-169-05.