CVE-2026-8805
Integer Overflow Leading to DoS in Mitsubishi Electric MELSEC iQ-F FX5-EIP

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: Mitsubishi Electric Corporation

Description
Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.

Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A

Affected Vendors & Products
Vendor: mitsubishi_electric
Product: fx5_eip
Version / Range: to 1.001 (exc)

CWE ID: CWE-190
Description: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Executive Summary

CVE-2026-8805 is an integer overflow or wraparound vulnerability in the EtherNet/IP function of the Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module, specifically in versions 1.000 and earlier.

This vulnerability allows a remote attacker to rapidly establish a large number of TCP connections to the affected device, causing inconsistencies in the internal connection management process and triggering improper memory access.

As a result, the device can enter a denial-of-service (DoS) state, disrupting its normal operation.

Impact Analysis

This vulnerability can cause a denial-of-service (DoS) condition on the affected Mitsubishi Electric FX5-EIP EtherNet/IP module.

An attacker can remotely disrupt the device's operation by overwhelming it with many TCP connections, leading to service interruption.

Such disruption can affect any systems or processes relying on this module for network communication, potentially causing downtime or loss of functionality.

Detection Guidance

This vulnerability can be detected by checking the firmware version of the FX5-EIP EtherNet/IP module. The affected versions are 1.000 and earlier.

Users can verify the firmware version via the module's status information as described in the user manual.

Additionally, monitoring the network for an unusually large number of TCP connections rapidly established to the FX5-EIP module may indicate exploitation attempts.
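
The connection-rate monitoring described above can be sketched as a sliding-window counter over connection logs. This is an added example, not vendor or advisory code; the module address, the log line format, the window and threshold values, and the use of TCP port 44818 (the registered EtherNet/IP port) are assumptions to adapt to the actual network.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumptions (not from the advisory): address, log format, window, threshold.
MODULE_IP = "192.0.2.10"        # hypothetical FX5-EIP address (documentation range)
ENIP_TCP_PORT = 44818           # registered EtherNet/IP TCP port
WINDOW = timedelta(seconds=5)   # sliding window length
THRESHOLD = 20                  # new connections per window treated as abnormal


def parse_line(line):
    """Parse 'ISO-timestamp src dst dport flags'; return None if malformed."""
    try:
        ts, src, dst, port, flags = line.split()
        return datetime.fromisoformat(ts), src, dst, int(port), flags
    except ValueError:
        return None


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per burst of new TCP connections (input sorted by time)."""
    recent, alerts, in_burst = deque(), [], False
    for line in lines:
        rec = parse_line(line)
        # Count only bare SYNs aimed at the module's EtherNet/IP port.
        if rec is None or rec[2] != MODULE_IP or rec[3] != ENIP_TCP_PORT or rec[4] != "S":
            continue
        ts, src = rec[0], rec[1]
        recent.append((ts, src))
        while ts - recent[0][0] > window:   # drop entries older than the window
            recent.popleft()
        if len(recent) > threshold and not in_burst:
            alerts.append({"start": recent[0][0], "end": ts, "count": len(recent),
                           "sources": sorted({s for _, s in recent})})
        in_burst = len(recent) > threshold  # alert once per burst, not per packet
    return alerts


def constructed_sample():
    """Constructed log lines: slow baseline polling, then 30 SYNs in 1.5 s."""
    t0 = datetime(2026, 1, 1, 8, 0, 0)
    base = [f"{(t0 + timedelta(seconds=10 * i)).isoformat()} 192.0.2.50 {MODULE_IP} 44818 S"
            for i in range(6)]
    burst = [f"{(t0 + timedelta(seconds=60, milliseconds=50 * i)).isoformat()} "
             f"198.51.100.7 {MODULE_IP} 44818 S" for i in range(30)]
    return base + burst


if __name__ == "__main__":
    for alert in detect_bursts(constructed_sample()):
        print(alert)
```

Set the threshold from the site's own baseline: the number of connections legitimate scanners and HMIs open to the module during normal operation.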

Mitigation Strategies

Immediate mitigation steps include updating the FX5-EIP module firmware to version 1.001 or later, which contains the fix for this vulnerability.

  • Use firewalls to restrict access to the affected device.
  • Implement VPNs and IP filtering to limit network exposure.
  • Restrict physical and network access to the device.
  • Install antivirus software on connected systems to help prevent exploitation.

For further assistance, contact Mitsubishi Electric's local representatives.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
