CVE-2026-1874
Received - Intake
Control Flow Flaw in Mitsubishi FX5 Ethernet Modules Causes DoS

Publication date: 2026-03-03

Last updated on: 2026-05-04

Assigner: Mitsubishi Electric Corporation

Description
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.
Meta Information

Published: 2026-03-03

Last Modified: 2026-05-04

Generated: 2026-05-07

AI Q&A: 2026-03-03

EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 2 associated CPEs
| Vendor | Product | Version / Range |
|---|---|---|
| mitsubishielectric | melsec_iq-f_fx5-eip_firmware | to 1.000 (inc) |
| mitsubishielectric | melsec_iq-f_fx5-enet/ip_firmware | to 1.106 (inc) |

CWE
| CWE ID | Description |
|---|---|
| CWE-670 | The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated. |

AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the firmware of the FX5-ENET/IP Ethernet Module to version 1.107 or later, which contains a fix for CVE-2026-1874.

For FX5-EIP EtherNet/IP Modules, since all versions are affected and no fixed version is currently available, users should apply recommended mitigations.

  • Use firewalls, VPNs, or similar network security measures to prevent unauthorized access, especially from the internet.
  • Operate the affected modules within a trusted LAN environment and block untrusted network access.
  • Utilize the product’s IP filter function to block untrusted hosts.
  • Restrict physical access to the devices and connected network equipment.
  • Install antivirus software on PCs that have access to the affected modules.

If further assistance is needed, users should contact their local Mitsubishi Electric representative or consult the support website.


Can you explain this vulnerability to me?

CVE-2026-1874 is a vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (version 1.106 and earlier) and all versions of the FX5-EIP EtherNet/IP Module. It is caused by an Always-Incorrect Control Flow Implementation, which is a flaw in how the device processes network packets.

This flaw allows a remote attacker to send continuous UDP packets to the affected devices, which exhausts the device's receive buffer. As a result, the device enters a denial-of-service (DoS) state and stops functioning properly until it is reset.

Recovery from this condition requires a system reset of the affected product. [1, 2]


How can this vulnerability impact me?

This vulnerability can cause a denial-of-service (DoS) condition on the affected Mitsubishi Electric modules, meaning the device will stop functioning correctly and become unavailable.

An attacker can remotely exploit this by continuously sending UDP packets, which exhausts the device's receive buffer and forces the device to require a system reset to recover.

This disruption can impact any systems or processes relying on these modules, potentially causing operational downtime or interruption in industrial or network environments where these devices are used. [1, 2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability causes a denial-of-service (DoS) condition by exhausting the receive buffer when the affected Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP and FX5-EIP modules continuously receive UDP packets.

Detection can involve monitoring for unusual or continuous UDP traffic targeting these devices, which may indicate exploitation attempts.

Firmware version checks can be performed by referencing specific buffer memory addresses detailed in the respective user manuals downloadable from Mitsubishi Electric’s website to confirm if the device is running a vulnerable firmware version (FX5-ENET/IP version 1.106 or earlier, or any version of FX5-EIP).

While no explicit commands are provided in the resources, network administrators can use network monitoring tools or commands such as 'tcpdump' or 'Wireshark' to capture and analyze UDP traffic to the affected devices, for example:

  • tcpdump -i <interface> udp and host <device_ip>
  • Monitoring for high volumes of UDP packets to the device IP address may indicate an ongoing attack.

[1, 2]
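
One way to turn the tcpdump capture above into an alert on continuous UDP traffic toward a module, as an added example that is not part of the original page or the vendor advisory. It assumes the line format printed by `tcpdump -tt -n -q` for IPv4 UDP; the function names, the 100 packets-per-second threshold, the 3-second window and the 192.0.2.x addresses are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Matches `tcpdump -tt -n -q` output for UDP over IPv4:
# "<epoch>.<usec> IP <src>.<sport> > <dst>.<dport>: UDP, length N"
LINE_RE = re.compile(
    r"^(\d+)\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: UDP\b"
)

def sustained_udp_sources(lines, device_ip, pps_threshold=100, min_seconds=3):
    """Map each source to its longest run of consecutive seconds in which it
    sent >= pps_threshold UDP packets to device_ip; runs < min_seconds are dropped.
    Both thresholds are assumptions; tune them against the site's baseline."""
    per_second = Counter()  # (src, epoch second) -> packets to the device
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(3) == device_ip:
            per_second[(m.group(2), int(m.group(1)))] += 1

    busy = {}  # src -> seconds at or above the threshold
    for (src, sec), count in per_second.items():
        if count >= pps_threshold:
            busy.setdefault(src, []).append(sec)

    flagged = {}
    for src, secs in busy.items():
        secs.sort()
        longest = run = 1
        for prev, cur in zip(secs, secs[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if longest >= min_seconds:
            flagged[src] = longest
    return flagged

def constructed_capture():
    """Constructed sample lines (documentation addresses), not a real capture."""
    fmt = "{}.{:06d} IP {} > 192.0.2.50.50000: UDP, length 64"
    lines = []
    for sec in range(1700000000, 1700000004):
        lines += [fmt.format(sec, i, "192.0.2.10.40000") for i in range(150)]  # continuous
        lines += [fmt.format(sec, i, "192.0.2.20.40001") for i in range(5)]    # normal polling
    lines += [fmt.format(1700000010, i, "192.0.2.30.40002") for i in range(150)]  # one-second burst
    return lines

if __name__ == "__main__":
    print(sustained_udp_sources(constructed_capture(), "192.0.2.50"))
```

On a monitoring host, the same function can read lines from `tcpdump -l -tt -n -q -i <interface> udp and dst host <device_ip>` in fixed-size batches instead of the constructed sample.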

