CVE-2026-8806
Received Received - Intake
Denial-of-Service in Mitsubishi Electric MELSEC iQ-F FX5-ENET/IP Module

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: Mitsubishi Electric Corporation

Description
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time, increasing the processing load of the product, preventing the internal anomaly-detection processing from being performed, and causing the communication function to stop.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2026-8806
EUVD
EUVD-2026-37975
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mitsubishi_electric melsec_iq-f_series_fx5-enet/ip *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-440 A feature, API, or function does not perform according to its specification.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a denial-of-service (DoS) issue in the Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module. A remote attacker can exploit it by sending a large number of communication packets to the Ethernet port in a short period of time.

This flood of packets increases the processing load on the device, which prevents the internal anomaly-detection mechanisms from functioning properly and ultimately causes the communication function of the module to stop.

Impact Analysis

The impact of this vulnerability is a denial-of-service condition on the affected Ethernet module, which means the communication function of the device will stop working.

This can disrupt industrial or automation processes relying on this module, potentially causing operational downtime or loss of control over connected systems.

Detection Guidance

This vulnerability involves a denial-of-service condition caused by a large number of communication packets sent in a short period to the FX5-ENET/IP Ethernet module. Detection would involve monitoring network traffic for unusually high volumes of packets targeting the Ethernet port of the affected device.

Suggested commands to detect such activity could include using network monitoring tools or commands like 'tcpdump' or 'Wireshark' to capture and analyze traffic patterns, focusing on the IP address and port of the FX5-ENET/IP module.

  • tcpdump -i <interface> host <FX5-ENET/IP IP address> and port <target port>
  • wireshark filter: ip.addr == <FX5-ENET/IP IP address> && tcp.port == <target port>

Look for a sudden spike in packet rate or volume which could indicate an ongoing attack exploiting this vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected FX5-ENET/IP Ethernet module to prevent unauthorized or excessive communication packets.

  • Use firewalls to block or limit traffic to the Ethernet port of the FX5-ENET/IP module.
  • Implement VPNs to secure communication channels and restrict access.
  • Apply IP filtering to allow only trusted IP addresses to communicate with the device.
  • Limit physical access to the device to prevent direct network connections.

Mitsubishi Electric recommends migrating to the successor model, FX5-EIP EtherNet/IP Module, for a long-term solution.

Contact your local Mitsubishi Electric representative for further support and guidance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8806. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart