CVE-2026-8805

HIGH

Mitsubishi Electric MELSEC iQ-F FX5-EIP <= 1.000 - TCP Connection Denial of Service

Title source: manual
STIX 2.1

Description

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.

References (3)

Core 3
Core References
Government Resource government-resource
https://jvn.jp/vu/JVNVU97140216/
Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-05

Scores

CVSS v4 8.7
EPSS 0.0038
EPSS Percentile 29.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-190
Status published
Products (1)
Mitsubishi Electric Corporation/Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior
Published Jun 19, 2026
Tracked Since Jun 19, 2026