PatchSiren cyber security CVE debrief
CVE-2026-1875 Unknown Vendor CVE debrief
CVE-2026-1875 is a high-severity denial-of-service issue in Mitsubishi Electric MELSEC iQ-F Series Ethernet/EtherNet/IP modules. The advisory says a remote attacker can repeatedly send UDP packets to drive uncontrolled receive-buffer consumption, leaving the module unavailable until a system reset. Mitsubishi Electric's Update A on 2026-05-07 revised the FX5-EIP affected/fixed-version details and added fixes.
- Vendor
- Unknown Vendor
- Product
- Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP <=1.106 vers:all/* MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP <=1.000
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-03
- Original CVE updated
- 2026-05-07
- Advisory published
- 2026-03-03
- Advisory updated
- 2026-05-07
Who should care
OT and ICS operators using MELSEC iQ-F FX5-EIP/FX5-ENET/IP modules, plant engineers, system integrators, and network/security teams that can expose these devices to untrusted networks.
Technical summary
The source advisory describes an improper resource shutdown/release in the Ethernet function of the MELSEC iQ-F Series FX5-EIP EtherNet/IP module. Repeated UDP traffic can exhaust receive buffers and trigger a denial-of-service condition. The issue is network-reachable (CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and recovery requires a system reset. The vendor advisory lists fixed version 1.001 or later for FX5-EIP.
Defensive priority
High. Prioritize if the module is reachable from any untrusted network segment, because the impact is operational outage and recovery is not automatic.
Recommended defensive actions
- Verify whether your deployment includes the affected FX5-EIP or FX5-ENET/IP versions listed in the advisory.
- For FX5-EIP, install fixed version 1.001 or later using Mitsubishi Electric's documented update procedure.
- If immediate updating is not possible, place the device behind a firewall or VPN when internet access is required.
- Keep the affected product within a LAN and block access from untrusted networks and hosts.
- Use the product's IP filter function to block untrusted hosts.
- Restrict physical access to the affected product and to connected PCs and network devices.
- Apply standard protections on PCs that can access the device, including anti-virus software where appropriate.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-26-062-01 and Mitsubishi Electric's advisory PDF 2025-021. Both describe the same failure mode: improper resource shutdown/release in the Ethernet function, remote UDP packet flooding causing uncontrolled receive-buffer consumption, DoS, and system reset required for recovery. The revision history shows 2026-05-07 Update A added fixes for FX5-EIP. The supplied source metadata also lists CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and a base score of 7.5.
Official resources
-
CVE-2026-1875 CVE record
CVE.org
-
CVE-2026-1875 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
First published in the supplied source corpus on 2026-03-03 as CISA advisory ICSA-26-062-01, corresponding to Mitsubishi Electric advisory 2025-021. CISA issued Update A on 2026-05-07 after earlier revision activity on 2026-04-28 to refine