These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-2399 affects multiple Mitsubishi Electric CNC Series products and can let a remote attacker send specially crafted packets to TCP port 683 to trigger an out-of-bounds read and deny service. The public advisory maps the issue to CWE-1285 and recommends fixed firmware for some models plus network-hardening mitigations for systems that cannot be updated immediately.
CVE-2026-1876 affects Mitsubishi Electric MELSEC iQ-F Series Ethernet modules, including FX5-ENET/IP and FX5-EIP. The advisory says a remote attacker can trigger uncontrolled receive buffer consumption by continuously sending UDP packets, leading to a denial-of-service condition that requires a system reset for recovery. CISA published the advisory on 2026-03-03 and issued Update A on 2026-05-07.
CVE-2026-1874 is a high-severity, network-reachable denial-of-service vulnerability affecting Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP and Ethernet modules. According to the advisory, a remote attacker can continuously send UDP packets and drive uncontrolled receive buffer consumption, which can force the affected module into a denial-of-service state. Recovery requires a system reset. The vendo [truncated]