PatchSiren

CVE-2024-8403 Mitsubishi Electric Corporation CVE debrief

A denial-of-service vulnerability exists in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET and FX5-ENET/IP modules due to improper input validation. A remote, unauthenticated attacker can disrupt Ethernet communication by sending specially crafted SLMP packets. The vulnerability was initially disclosed on November 19, 2024, and subsequently updated on March 31, 2026, to revise the affected product version designation for the FX5-ENET module.

Vendor: Mitsubishi Electric Corporation
Product: MELSEC iQ-F Series FX5-ENET
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-11-19
Original CVE updated: 2026-03-31
Advisory published: 2024-11-19
Advisory updated: 2026-03-31

Who should care

Industrial control system operators, OT security teams, and manufacturing organizations using Mitsubishi Electric MELSEC iQ-F Series PLCs with FX5-ENET or FX5-ENET/IP communication modules.

Technical summary

The vulnerability stems from improper validation of SLMP (Seamless Message Protocol) packets in the Ethernet communication stack of affected MELSEC iQ-F modules. A remote attacker can send malformed packets that cause the module's Ethernet communication to fail, resulting in denial-of-service conditions for connected industrial control systems. The attack requires no authentication and can be executed from any network position with connectivity to the target module.

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor firmware updates: upgrade FX5-ENET to version 1.210 or later, and FX5-ENET/IP to version 1.106 or later.
  • Deploy affected modules within isolated LAN segments and restrict access using firewalls to block untrusted network traffic.
  • Enable IP filter functions on affected modules to block access from untrusted hosts per MELSEC iQ-F FX5 User's Manual (Communication) section 13.1.
  • Restrict physical access to affected modules and associated network infrastructure.
  • Use VPNs or equivalent controls when internet connectivity is required for remote access.

Evidence notes

The vulnerability affects MELSEC iQ-F Series FX5-ENET versions 1.100 through 1.200 and FX5-ENET/IP versions 1.100 through 1.104. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates a network attack vector with low complexity, no privileges required, no user interaction, and high availability impact. The SSVCv2 notation E:N/A:Y/T:P/2026-03-31T00:00:00Z/ indicates no known exploitation, an automatable attack, and a targeted threat scenario with a future review date.
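The affected ranges above and the fixed versions listed under the recommended actions can be applied to an asset inventory. This triage script is an added example, not vendor or PatchSiren code. It assumes a CSV export with hypothetical asset, model and firmware columns, and it assumes firmware versions compare as major.minor integers.

```python
import csv
import io

# Ranges as stated on this page: (first affected, last affected, first fixed).
ADVISORY = {
    "FX5-ENET": ((1, 100), (1, 200), (1, 210)),
    "FX5-ENET/IP": ((1, 100), (1, 104), (1, 106)),
}

def parse_version(text):
    """Parse 'major.minor' into an int tuple; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[1])

def classify(model, version_text):
    """Return AFFECTED, FIXED, REVIEW or NOT_LISTED for one module."""
    ranges = ADVISORY.get(model.strip().upper())
    if ranges is None:
        return "NOT_LISTED"
    version = parse_version(version_text)
    if version is None:
        return "REVIEW"  # unreadable version: check the module by hand
    first_bad, last_bad, first_fixed = ranges
    if first_bad <= version <= last_bad:
        return "AFFECTED"
    if version >= first_fixed:
        return "FIXED"
    return "REVIEW"  # outside both the stated affected range and the fix

def triage(inventory_csv):
    """Map asset name -> status for a CSV with asset, model, firmware."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["model"], r["firmware"]) for r in reader}

# Constructed sample inventory (hypothetical asset names and export format).
SAMPLE = """asset,model,firmware
line1-plc,FX5-ENET,1.200
line2-plc,FX5-ENET,1.210
pack-plc,FX5-ENET/IP,1.104
weld-plc,FX5-ENET/IP,1.105
test-plc,FX5-ENET/IP,unknown
other-dev,OTHER-MODULE,1.000
"""

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset:10} {status}")
```

REVIEW marks modules whose version is unreadable or falls outside both the stated affected range and the fixed version, such as FX5-ENET/IP 1.105, so they are checked by hand.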
