CVE-2026-1875
Received Received - Intake
Improper Resource Release in Mitsubishi FX5-EIP Causes DoS

Publication date: 2026-03-03

Last updated on: 2026-04-30

Assigner: Mitsubishi Electric Corporation

Description
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-03-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1875
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mitsubishielectric melsec_iq-f_fx5-eip_firmware to 1.000 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Resource Shutdown or Release issue found in the Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP across all versions. It allows a remote attacker to cause a denial-of-service (DoS) condition by continuously sending UDP packets to the affected products.

The attack forces the product into a state where it becomes unresponsive and requires a system reset to recover.

Impact Analysis

The vulnerability can impact you by causing a denial-of-service (DoS) condition on the affected Mitsubishi Electric products. This means that the device can become unresponsive or unavailable due to continuous UDP packet attacks from a remote attacker.

Recovery from this condition requires a system reset, which could lead to downtime and potential disruption of operations relying on these devices.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, avoid allowing continuous UDP packets to be sent to the Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP. Since the vulnerability causes a denial-of-service condition requiring a system reset for recovery, monitoring and restricting UDP traffic to these devices is recommended.

If a denial-of-service condition occurs, perform a system reset of the affected product to recover normal operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1875. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart