CVE-2026-8806
Deferred Deferred - Pending Action

Denial-of-Service in Mitsubishi Electric MELSEC iQ-F FX5-ENET/IP Module

Vulnerability report for CVE-2026-8806, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-22

Assigner: Mitsubishi Electric Corporation

Description

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-22
Generated
2026-07-09
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mitsubishi_electric melsec_iq-f_series_fx5-enet/ip *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-440 A feature, API, or function does not perform according to its specification.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a denial-of-service (DoS) issue in the Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module. A remote attacker can exploit it by sending a large number of communication packets to the Ethernet port in a short period of time.

This flood of packets increases the processing load on the device, which prevents the internal anomaly-detection mechanisms from functioning properly and ultimately causes the communication function of the module to stop.

Impact Analysis

The impact of this vulnerability is a denial-of-service condition on the affected Ethernet module, which means the communication function of the device will stop working.

This can disrupt industrial or automation processes relying on this module, potentially causing operational downtime or loss of control over connected systems.

Detection Guidance

This vulnerability involves a denial-of-service condition caused by a large number of communication packets sent in a short period to the FX5-ENET/IP Ethernet module. Detection would involve monitoring network traffic for unusually high volumes of packets targeting the Ethernet port of the affected device.

Suggested commands to detect such activity could include using network monitoring tools or commands like 'tcpdump' or 'Wireshark' to capture and analyze traffic patterns, focusing on the IP address and port of the FX5-ENET/IP module.

  • tcpdump -i <interface> host <FX5-ENET/IP IP address> and port <target port>
  • wireshark filter: ip.addr == <FX5-ENET/IP IP address> && tcp.port == <target port>

Look for a sudden spike in packet rate or volume which could indicate an ongoing attack exploiting this vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected FX5-ENET/IP Ethernet module to prevent unauthorized or excessive communication packets.

  • Use firewalls to block or limit traffic to the Ethernet port of the FX5-ENET/IP module.
  • Implement VPNs to secure communication channels and restrict access.
  • Apply IP filtering to allow only trusted IP addresses to communicate with the device.
  • Limit physical access to the device to prevent direct network connections.

Mitsubishi Electric recommends migrating to the successor model, FX5-EIP EtherNet/IP Module, for a long-term solution.

Contact your local Mitsubishi Electric representative for further support and guidance.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8806. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart