Advisory · Published Jun 18, 2026 · 1 source

CISA Warns of Integer Overflow DoS Flaw in Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP Module

CISA disclosed CVE-2026-8805, an integer overflow vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-EIP EtherNet/IP Module, allowing remote denial-of-service via rapid TCP connections.

CISA has issued an advisory for CVE-2026-8805, an integer overflow or wraparound vulnerability affecting the Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module. The flaw, which carries a CVSS v3.1 base score of 7.5 (HIGH), allows a remote attacker to cause a denial-of-service (DoS) condition by rapidly establishing a large number of TCP connections to the affected device. This triggers an inconsistency in the product's internal connection management process, leading to improper memory access and system instability.

The vulnerability impacts all versions of the FX5-EIP EtherNet/IP Module up to and including version 1.000. The affected product is deployed worldwide across critical manufacturing sectors, with the vendor headquartered in Japan. Mitsubishi Electric has released a fixed version 1.001, which can be downloaded from the company's official download portal. The advisory also includes a link to the vendor's security bulletin for further details.

For organizations that cannot immediately apply the patch, Mitsubishi Electric recommends several mitigations. These include using firewalls and virtual private networks (VPNs) to prevent unauthorized access when internet connectivity is required, operating the affected product within a local area network (LAN) while blocking untrusted network traffic, and enabling the IP filter function on the device to restrict access from untrusted hosts. Additional recommendations include restricting physical access to the device and installing anti-virus software on connected PCs.
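A monitoring check that complements these mitigations, as an added example that is not part of the advisory or the vendor's tooling: it scans new-TCP-connection records for sources outside the IP filter allow-list and for connection bursts against a monitored module. The addresses, window, threshold and record layout are constructed assumptions to be tuned per site.

```python
from collections import defaultdict, deque

# Constructed values (assumptions): documentation-range addresses and
# illustrative limits; derive real ones from a baseline of normal traffic.
MODULES = {"192.0.2.10"}                 # FX5-EIP modules being monitored
TRUSTED = {"192.0.2.50", "192.0.2.51"}   # hosts permitted by the IP filter
WINDOW_S = 5.0                           # sliding window length in seconds
MAX_NEW_CONNS = 20                       # new connections tolerated per window


def sample_flows():
    """Constructed records: (epoch seconds, source IP, destination IP),
    one tuple per newly opened TCP connection."""
    flows = [
        (1000.0, "192.0.2.50", "192.0.2.10"),    # routine engineering access
        (1030.0, "192.0.2.51", "192.0.2.10"),
        (1040.0, "198.51.100.7", "192.0.2.10"),  # source not on the allow-list
        (1101.0, "192.0.2.50", "192.0.2.99"),    # destination not monitored
    ]
    # 30 connections in under 3 seconds to the monitored module
    flows += [(1100.0 + i * 0.1, "192.0.2.51", "192.0.2.10") for i in range(30)]
    return sorted(flows)


def analyze(flows):
    """Return (untrusted, bursts).

    untrusted: set of (src, dst) pairs where src is outside TRUSTED.
    bursts:    dict dst -> peak number of new connections seen inside one
               window, recorded only when the peak exceeds MAX_NEW_CONNS.
    Connections are counted per destination across all sources, so a burst
    spread over several source addresses is still caught.
    """
    recent = defaultdict(deque)   # dst -> timestamps still inside the window
    untrusted, bursts = set(), {}
    for ts, src, dst in flows:
        if dst not in MODULES:
            continue
        if src not in TRUSTED:
            untrusted.add((src, dst))
        window = recent[dst]
        window.append(ts)
        while ts - window[0] > WINDOW_S:
            window.popleft()
        if len(window) > MAX_NEW_CONNS:
            bursts[dst] = max(bursts.get(dst, 0), len(window))
    return untrusted, bursts


if __name__ == "__main__":
    untrusted, bursts = analyze(sample_flows())
    print("untrusted sources:", sorted(untrusted))
    print("connection bursts:", bursts)
```

A burst from an allow-listed host, as in the sample data, is still reported, since the IP filter alone does not limit connection rate from trusted addresses.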

The vulnerability was reported to CISA by Mitsubishi Electric, and the advisory was converted directly from the vendor's Common Security Advisory Framework (CSAF) document. CISA has urged users to take defensive measures to minimize exploitation risk, including minimizing network exposure for all control system devices and ensuring they are not accessible from the internet. The agency also recommends locating control system networks behind firewalls and isolating them from business networks.

This advisory is part of a broader pattern of industrial control system (ICS) vulnerabilities disclosed by CISA in recent weeks, highlighting ongoing risks to critical infrastructure. The integer overflow flaw in the EtherNet/IP module is particularly concerning because it can be triggered remotely without authentication, making it an attractive target for attackers seeking to disrupt manufacturing operations. While no active exploitation has been reported at this time, the availability of a patch and clear mitigations should prompt immediate action from affected organizations.

Synthesized by Vypr AI