Mitigation Strategies

Immediate mitigation steps include updating the firmware of the FX5-ENET/IP Ethernet Module to version 1.107 or later, which contains a fix for CVE-2026-1874.

For FX5-EIP EtherNet/IP Modules, since all versions are affected and no fixed version is currently available, users should apply recommended mitigations.

• Use firewalls, VPNs, or similar network security measures to prevent unauthorized access, especially from the internet.
• Operate the affected modules within a trusted LAN environment and block untrusted network access.
• Utilize the product’s IP filter function to block untrusted hosts.
• Restrict physical access to the devices and connected network equipment.
• Install antivirus software on PCs that have access to the affected modules.

If further assistance is needed, users should contact their local Mitsubishi Electric representative or consult the support website.

Useful 0 Not Useful 0

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-1874 is a vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (version 1.106 and earlier) and all versions of the FX5-EIP EtherNet/IP Module. It is caused by an Always-Incorrect Control Flow Implementation, which is a flaw in how the device processes network packets."}, {'type': 'paragraph', 'content': "This flaw allows a remote attacker to send continuous UDP packets to the affected devices, which exhausts the device's receive buffer. As a result, the device enters a denial-of-service (DoS) state and stops functioning properly until it is reset."}, {'type': 'paragraph', 'content': 'Recovery from this condition requires a system reset of the affected product.'}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can cause a denial-of-service (DoS) condition on the affected Mitsubishi Electric modules, meaning the device will stop functioning correctly and become unavailable.'}, {'type': 'paragraph', 'content': "An attacker can remotely exploit this by continuously sending UDP packets, which exhausts the device's receive buffer and forces the device to require a system reset to recover."}, {'type': 'paragraph', 'content': 'This disruption can impact any systems or processes relying on these modules, potentially causing operational downtime or interruption in industrial or network environments where these devices are used.'}] [1, 2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'The vulnerability causes a denial-of-service (DoS) condition by exhausting the receive buffer when the affected Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP and FX5-EIP modules continuously receive UDP packets.'}, {'type': 'paragraph', 'content': 'Detection can involve monitoring for unusual or continuous UDP traffic targeting these devices, which may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'Firmware version checks can be performed by referencing specific buffer memory addresses detailed in the respective user manuals downloadable from Mitsubishi Electric’s website to confirm if the device is running a vulnerable firmware version (FX5-ENET/IP version 1.106 or earlier, or any version of FX5-EIP).'}, {'type': 'paragraph', 'content': "While no explicit commands are provided in the resources, network administrators can use network monitoring tools or commands such as 'tcpdump' or 'Wireshark' to capture and analyze UDP traffic to the affected devices, for example:"}, {'type': 'list_item', 'content': 'tcpdump -i <interface> udp and host <device_ip>'}, {'type': 'list_item', 'content': 'Monitoring for high volumes of UDP packets to the device IP address may indicate an ongoing attack.'}] [1, 2]

Useful 0 Not Useful 0