CVE-2026-1874

Summary

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IPversions 1.106 and prioraffected
Mitsubishi Electric CorporationMELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIPversions 1.000 and prioraffected

Weaknesses

  • CWE-670: CWE-670 Always-Incorrect Control Flow Implementation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References