CVE-2026-8805
Deferred Deferred - Pending Action

Integer Overflow Leading to DoS in Mitsubishi Electric MELSEC iQ-F FX5-EIP

Vulnerability report for CVE-2026-8805, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-22

Assigner: Mitsubishi Electric Corporation

Description

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-22
Generated
2026-07-09
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mitsubishi_electric fx5_eip to 1.001 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-8805 is an integer overflow or wraparound vulnerability in the EtherNet/IP function of the Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module, specifically in versions 1.000 and earlier.

This vulnerability allows a remote attacker to rapidly establish a large number of TCP connections to the affected device, causing inconsistencies in the internal connection management process and triggering improper memory access.

As a result, the device can enter a denial-of-service (DoS) state, disrupting its normal operation.

Impact Analysis

This vulnerability can cause a denial-of-service (DoS) condition on the affected Mitsubishi Electric FX5-EIP EtherNet/IP module.

An attacker can remotely disrupt the device's operation by overwhelming it with many TCP connections, leading to service interruption.

Such disruption can affect any systems or processes relying on this module for network communication, potentially causing downtime or loss of functionality.

Detection Guidance

This vulnerability can be detected by checking the firmware version of the FX5-EIP EtherNet/IP module. The affected versions are 1.000 and earlier.

Users can verify the firmware version via the module's status information as described in the user manual.

Additionally, monitoring the network for an unusually large number of TCP connections rapidly established to the FX5-EIP module may indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include updating the FX5-EIP module firmware to version 1.001 or later, which contains the fix for this vulnerability.

  • Use firewalls to restrict access to the affected device.
  • Implement VPNs and IP filtering to limit network exposure.
  • Restrict physical and network access to the device.
  • Install antivirus software on connected systems to help prevent exploitation.

For further assistance, contact Mitsubishi Electric's local representatives.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8805. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart