CISA 2026-06-18

Mitsubishi Electric MELSEC iQ-F Series

CVE-2026-8805

Machine-generated analysis · WAYSCloud LLM

The affected module may enter a denial-of-service state due to improper handling of rapid TCP connections, leading to memory access issues.

Context

The Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module is an industrial automation component used for network communication in control systems. The advisory states that an integer overflow vulnerability exists in versions 1.000 and earlier, which could be exploited remotely to trigger a denial-of-service condition. Exploitation occurs by rapidly establishing many TCP connections, causing inconsistencies in internal connection management. The vendor attributes the issue specifically to wraparound behavior in connection tracking logic.

Operator considerations

Check: Inventory all instances of the MELSEC iQ-F Series FX5-EIP module running version 1.000 or earlier.
Patch: Upgrade to version 1.001 or later using the update file from the vendor's download page.
Log: Monitor network traffic for repeated, rapid TCP connection attempts to the module's IP address if logging is available.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.

The following versions of Mitsubishi Electric MELSEC iQ-F Series are affected:

MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP

Read the full advisory on CISA →