PatchSiren

Mitsubishi Electric Corporation CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Mitsubishi Electric Corporation CVE published 2026-06-19

CVE-2026-8806

A high-severity vulnerability (CVSS score: 8.7) was found in the Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module. The issue is an Expected Behavior Violation that allows a remote attacker to cause a denial-of-service (DoS) condition. By continuously sending a large number of communication packets to the Ethernet port in a short period, an attacker can increase the processing loa [truncated]

HIGH Mitsubishi Electric Corporation CVE published 2026-06-17

CVE-2026-5667

A high-severity vulnerability, CVE-2026-5667, has been disclosed in multiple Mitsubishi Electric devices, including room air conditioners, refrigerators, and heat pump water heaters. An attacker within Wi-Fi radio range can access affected products using a hard-coded SSID and password, potentially obtaining device data, modifying settings, or causing a denial-of-service (DoS) condition. Users of these dev [truncated]

MEDIUM Mitsubishi Electric Corporation CVE published 2026-03-10

CVE-2025-2399

CVE-2025-2399 affects multiple Mitsubishi Electric CNC Series products and can let a remote attacker send specially crafted packets to TCP port 683 to trigger an out-of-bounds read and deny service. The public advisory maps the issue to CWE-1285 and recommends fixed firmware for some models plus network-hardening mitigations for systems that cannot be updated immediately.

HIGH Mitsubishi Electric Corporation CVE published 2026-03-03

CVE-2026-1876

CVE-2026-1876 affects Mitsubishi Electric MELSEC iQ-F Series Ethernet modules, including FX5-ENET/IP and FX5-EIP. The advisory says a remote attacker can trigger uncontrolled receive buffer consumption by continuously sending UDP packets, leading to a denial-of-service condition that requires a system reset for recovery. CISA published the advisory on 2026-03-03 and issued Update A on 2026-05-07.

HIGH Mitsubishi Electric Corporation CVE published 2026-03-03

CVE-2026-1874

CVE-2026-1874 is a high-severity, network-reachable denial-of-service vulnerability affecting Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP and Ethernet modules. According to the advisory, a remote attacker can continuously send UDP packets and drive uncontrolled receive buffer consumption, which can force the affected module into a denial-of-service state. Recovery requires a system reset. The vendo [truncated]

MEDIUM Mitsubishi Electric Corporation CVE published 2025-07-03

CVE-2025-5241

CVE-2025-5241 is a medium-severity availability issue in Mitsubishi Electric's MELSEC iQ-F series. A remote attacker can trigger a temporary account lockout by repeatedly submitting incorrect passwords, which can prevent legitimate access to affected controllers until the lockout expires.

HIGH Mitsubishi Electric Corporation CVE published 2024-11-19

CVE-2024-8403

A denial-of-service vulnerability exists in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET and FX5-ENET/IP modules due to improper input validation. A remote, unauthenticated attacker can disrupt Ethernet communication by sending specially crafted SLMP packets. The vulnerability was initially disclosed on November 19, 2024, and subsequently updated on March 31, 2026, to revise the affected product versio [truncated]

MEDIUM Mitsubishi Electric Corporation CVE published 2024-10-17

CVE-2024-7316

A denial-of-service vulnerability in Mitsubishi Electric CNC Series allows unauthenticated remote attackers to disrupt operations by sending crafted packets to TCP port 683. The vulnerability affects 18 product variants across the M800, M80, M750/M730/M720, M70, E80, C80, E70, and NC Trainer2 series. CISA published the initial advisory on October 17, 2024, with subsequent updates through December 18, 2025 [truncated]