PatchSiren cyber security CVE debrief
CVE-2026-1876 Mitsubishi Electric Corporation CVE debrief
CVE-2026-1876 affects Mitsubishi Electric MELSEC iQ-F Series Ethernet modules, including FX5-ENET/IP and FX5-EIP. The advisory says a remote attacker can trigger uncontrolled receive buffer consumption by continuously sending UDP packets, leading to a denial-of-service condition that requires a system reset for recovery. CISA published the advisory on 2026-03-03 and issued Update A on 2026-05-07.
- Vendor: Mitsubishi Electric Corporation
- Product: Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP <=1.106 vers:all/* MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP <=1.000
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-03
- Original CVE updated: 2026-05-07
- Advisory published: 2026-03-03
- Advisory updated: 2026-05-07
Who should care
Operators, integrators, and network/security teams responsible for Mitsubishi Electric MELSEC iQ-F Series systems, especially where FX5-ENET/IP or FX5-EIP modules are reachable from broader plant networks, remote access paths, or untrusted segments.
Technical summary
The issue is described as an improper resource shutdown or release in the Ethernet function of the MELSEC iQ-F Series FX5-ENET/IP Ethernet module. An attacker on a reachable network can repeatedly send UDP traffic and exhaust receive buffers, causing availability loss rather than direct code execution. The supplied advisory lists CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and states that recovery requires a system reset. The advisory revision history also shows an Update A on 2026-05-07 that added fixes for FX5-EIP.
Defensive priority
High. This is a network-reachable availability issue in industrial equipment, can be triggered without authentication, and may interrupt operations until a reset is performed. Prioritize segmentation, filtering, and asset-specific review of the latest vendor advisory.
Recommended defensive actions
- Place affected modules behind a firewall and keep them on a trusted LAN; do not expose them to untrusted networks.
- If remote connectivity is required, use a VPN and tightly restrict who can reach the device.
- Use the product IP filter function to block access from untrusted hosts.
- Restrict physical access to the affected product and to connected PCs and network devices.
- Apply the latest vendor guidance for FX5-EIP from the 2026-05-07 Update A and verify whether a fixed release applies to your deployment.
- Review the Mitsubishi Electric PSIRT advisory and CISA advisory for the exact affected versions and mitigation details.
- Maintain standard malware protection on PCs that can access the device, as recommended by the vendor.
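A monitoring check that complements the filtering actions above, as an added example that is not part of the advisory or of any vendor tooling: it reviews flow records for UDP traffic to the modules and reports sources outside the trusted range and sources that keep sending above a rate limit for several consecutive windows. The addresses, trusted range, thresholds and flow record layout are all assumptions to adapt to your own network.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for illustration only; none of them come from the advisory.
MODULES = {ip_address("192.0.2.10")}    # addresses of FX5-ENET/IP / FX5-EIP modules
TRUSTED = [ip_network("192.0.2.0/28")]  # hosts the firewall / IP filter should allow
WINDOW_S = 10                           # width of one counting window, in seconds
PPS_LIMIT = 200                         # UDP packets per second treated as abnormal
SUSTAIN = 3                             # consecutive windows over the limit before alerting

# Constructed flow records: (epoch_seconds, src, dst, proto, packets)
SAMPLE = [
    (1000, "192.0.2.5", "192.0.2.10", "udp", 50),        # trusted host, normal rate
    (1000, "198.51.100.7", "192.0.2.10", "udp", 5000),   # untrusted, high rate
    (1010, "198.51.100.7", "192.0.2.10", "udp", 5000),
    (1020, "198.51.100.7", "192.0.2.10", "udp", 5000),
    (1005, "192.0.2.6", "192.0.2.10", "udp", 9000),      # trusted, one isolated burst
    (1000, "198.51.100.9", "192.0.2.10", "tcp", 10),     # not UDP, out of scope here
]

def review(flows):
    """Return a sorted list of (finding, src, dst) for UDP traffic to the modules."""
    buckets = defaultdict(int)  # (src, dst, window index) -> UDP packet count
    findings = set()
    for ts, src, dst, proto, pkts in flows:
        if proto != "udp" or ip_address(dst) not in MODULES:
            continue
        # A source outside the trusted range means the filter is missing or bypassed.
        if not any(ip_address(src) in net for net in TRUSTED):
            findings.add(("untrusted-source", src, dst))
        buckets[(src, dst, int(ts) // WINDOW_S)] += pkts
    # Collect, per source/destination pair, the windows whose rate exceeds the limit.
    over = defaultdict(set)
    for (src, dst, win), count in buckets.items():
        if count / WINDOW_S > PPS_LIMIT:
            over[(src, dst)].add(win)
    # Alert only on continuous sending: SUSTAIN back-to-back windows over the limit.
    for (src, dst), wins in over.items():
        if any(all(w + i in wins for i in range(SUSTAIN)) for w in wins):
            findings.add(("sustained-udp", src, dst))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding)
```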
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-062-01 and the linked Mitsubishi Electric PSIRT advisory. The source states the vulnerability is a denial-of-service issue caused by continuous UDP packet reception and that a system reset is required for recovery. The advisory uses CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The supplied revision history shows initial publication on 2026-03-03 and Update A on 2026-05-07.
Official resources
- CVE-2026-1876 CVE record (CVE.org)
- CVE-2026-1876 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Published 2026-03-03; modified 2026-05-07 (Update A).