CVE-2026-8805
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk30th percentile - higher than 30% of all known CVEs
Summary
CVE-2026-8805 describes an integer overflow vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP module. This allows a remote attacker to cause a denial-of-service (DoS) condition by rapidly establishing a large number of TCP connections.
Risk Assessment
An attacker can disrupt the device's operation, leading to service availability issues. This may impact business operations and system security.
Recommendation
It is recommended to update the FX5-EIP module to the latest version to mitigate this vulnerability. Additionally, monitoring and limiting the number of TCP connections from external sources is advisable.
Original NVD description (English source)
Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.

