ics-ot · regulator · News · The Broadside · 1 min read

CISA flags Mitsubishi FX5-EIP denial-of-service flaw

For exposed control networks, this is a patch-or-segment item, not a paperwork item.


TL;DR

CISA disclosed CVE-2026-8805, a high-severity integer overflow in Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP modules running version 1.000 or earlier. A remote attacker can trigger a denial-of-service condition by rapidly opening TCP connections. Defense-industrial-base contractors and MSPs running the modules should move to version 1.001 or later, or use firewall segmentation, LAN isolation and IP filtering to block untrusted hosts.

CISA republished Mitsubishi Electric’s advisory for CVE-2026-8805, covering MELSEC iQ-F Series FX5-EIP EtherNet/IP modules at version 1.000 or earlier. The flaw is an integer overflow or wraparound in the EtherNet/IP function, rated CVSS v3.1 7.5 and CVSS v4.0 8.7, that can let a remote attacker cause a denial-of-service condition by rapidly establishing TCP connections.

The practical instruction is straightforward: install fixed version 1.001 or later when available through Mitsubishi Electric’s download portal. If the module cannot be updated immediately, Mitsubishi recommends keeping the affected product inside a LAN, blocking access from untrusted networks and hosts with firewalls, using the module’s IP filter function, restricting physical access, and protecting connected PCs. For contractors and MSPs supporting factory automation environments, the risk is production interruption, not data theft.
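The mitigations above (IP filtering and blocking untrusted hosts) can also be monitored from the network side. The script below is an added illustration, not code from Mitsubishi Electric, CISA or The Broadside: it reads constructed connection-log lines and flags two things a defender would want to see while the modules are still on version 1.000, namely TCP sessions to the module from hosts outside the allowlist, and bursts of new connections from a single source. The module address 192.0.2.10, the allowlist, the thresholds and the log format are all assumptions; the EtherNet/IP explicit-messaging port 44818/tcp is the protocol's standard port and is not stated in the advisory.

```python
"""Flag unauthorized sources and TCP connection bursts toward an EtherNet/IP
module. Added illustration; not vendor or CISA code."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the advisory): module address and the standard
# EtherNet/IP explicit-messaging TCP port.
MODULE_IP = "192.0.2.10"
ENIP_TCP_PORT = 44818
# Hosts permitted to open sessions; mirrors the module's own IP filter list.
ALLOWED_SOURCES = [ip_network("192.0.2.0/24")]
# More than BURST_THRESHOLD new connections from one source inside
# WINDOW_SECONDS is treated as a flood attempt (constructed thresholds).
BURST_THRESHOLD = 20
WINDOW_SECONDS = 5.0


def parse_line(line):
    """Parse 'ts src_ip src_port dst_ip dst_port proto' (constructed format)."""
    ts, src, sport, dst, dport, proto = line.split()
    return float(ts), src, int(sport), dst, int(dport), proto


def is_allowed(src):
    """True if src falls inside one of the allowlisted networks."""
    addr = ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)


def analyze(lines):
    """Return {'unauthorized': set of src, 'bursts': {src: peak count}}."""
    unauthorized = set()
    recent = defaultdict(list)  # src -> timestamps inside the sliding window
    bursts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, _, dst, dport, proto = parse_line(line)
        # Only TCP sessions to the module's EtherNet/IP port are of interest.
        if proto != "tcp" or dst != MODULE_IP or dport != ENIP_TCP_PORT:
            continue
        if not is_allowed(src):
            unauthorized.add(src)
        window = recent[src]
        window.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while window and ts - window[0] > WINDOW_SECONDS:
            window.pop(0)
        if len(window) > BURST_THRESHOLD:
            bursts[src] = max(bursts.get(src, 0), len(window))
    return {"unauthorized": unauthorized, "bursts": bursts}


# Constructed sample log: one normal workstation session, one session to a
# different port (ignored), one outside host, a 30-connection burst from an
# outside host and a 25-connection burst from an allowlisted host.
SAMPLE_LOG = [
    "1000.0 192.0.2.20 50000 192.0.2.10 44818 tcp",
    "1000.5 192.0.2.21 50001 192.0.2.10 502 tcp",
    "1001.0 203.0.113.9 40000 192.0.2.10 44818 tcp",
] + [
    f"{1002 + i * 0.1:.1f} 198.51.100.7 {40000 + i} 192.0.2.10 44818 tcp"
    for i in range(30)
] + [
    f"{1010 + i * 0.1:.1f} 192.0.2.22 {41000 + i} 192.0.2.10 44818 tcp"
    for i in range(25)
]


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for src in sorted(result["unauthorized"]):
        print(f"unauthorized source: {src}")
    for src, count in sorted(result["bursts"].items()):
        print(f"connection burst: {src} peaked at {count} in {WINDOW_SECONDS}s")
```

The two checks are deliberately independent: an allowlisted host that floods the module is still reported, because the IP filter on the module does nothing against a compromised or misbehaving host that is already permitted.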


Published · Deep Fathom
