CVE-2026-1874

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-1874
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU93286687/ Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-62-01 Third Party Advisory
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-021_en.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitsubishielectric:melsec_iq-f_fx5-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:melsec_iq-f_fx5-eip:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mitsubishielectric:melsec_iq-f_fx5-enet\/ip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:melsec_iq-f_fx5-enet\/ip:-:*:*:*:*:*:*:*
History

04 May 2026, 14:27

Type Values Removed Values Added
CPE cpe:2.3:h:mitsubishielectric:melsec_iq-f_fx5-eip:-:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:melsec_iq-f_fx5-enet\/ip:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:melsec_iq-f_fx5-eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:melsec_iq-f_fx5-enet\/ip_firmware:*:*:*:*:*:*:*:*
References () https://jvn.jp/vu/JVNVU93286687/ - () https://jvn.jp/vu/JVNVU93286687/ - Third Party Advisory
References () https://www.cisa.gov/news-events/ics-advisories/icsa-26-62-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-26-62-01 - Third Party Advisory
References () https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-021_en.pdf - () https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-021_en.pdf - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Mitsubishielectric melsec Iq-f Fx5-eip
Mitsubishielectric
Mitsubishielectric melsec Iq-f Fx5-enet\/ip Firmware
Mitsubishielectric melsec Iq-f Fx5-eip Firmware
Mitsubishielectric melsec Iq-f Fx5-enet\/ip

24 Apr 2026, 08:16

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de implementación de flujo de control siempre incorrecto en Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versiones 1.106 y anteriores y Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP todas las versiones permite a un atacante remoto causar una condición de denegación de servicio (DoS) en los productos al enviar continuamente paquetes UDP a los productos. Se requiere un reinicio del sistema del producto para la recuperación.
Summary (en) Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. (en) Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.

04 Mar 2026, 09:15

Type Values Removed Values Added
References
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-26-62-01 -

03 Mar 2026, 07:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-03 07:16

Updated : 2026-05-04 14:27

NVD link : CVE-2026-1874

Mitre link : CVE-2026-1874

CVE.ORG link : CVE-2026-1874

JSON object : View

Products Affected

mitsubishielectric

  • melsec_iq-f_fx5-eip_firmware
  • melsec_iq-f_fx5-enet\/ip
  • melsec_iq-f_fx5-eip
  • melsec_iq-f_fx5-enet\/ip_firmware
CWE
CWE-670

Always-Incorrect Control Flow Implementation