CVE-2026-1874: CWE-670 Always-Incorrect Control Flow Implementation in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery.
AI Analysis
Technical Summary
CVE-2026-1874 identifies a critical vulnerability in Mitsubishi Electric Corporation's MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (versions 1.106 and earlier) and all versions of the FX5-EIP EtherNet/IP Module. The vulnerability stems from an Always-Incorrect Control Flow Implementation (CWE-670), which means the device's internal control flow logic does not correctly handle certain network inputs, specifically UDP packets. An attacker can exploit this flaw remotely by sending a continuous stream of UDP packets to the affected modules, causing them to enter an erroneous state that leads to a denial-of-service condition. This DoS manifests as the device becoming unresponsive and requiring a manual or automated system reset to restore normal operation. The vulnerability does not require any authentication or user interaction, making it easier to exploit remotely. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) indicates network attack vector, low complexity, no privileges or user interaction needed, and a high impact on availability. The affected products are industrial Ethernet communication modules widely used in Mitsubishi Electric's MELSEC iQ-F Series programmable logic controllers (PLCs), which are integral components in industrial automation and control systems. No patches or mitigations are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability's root cause is a flawed control flow implementation that mishandles UDP packet processing, leading to system instability and forced resets.
Potential Impact
The primary impact of CVE-2026-1874 is a denial-of-service condition on critical industrial Ethernet modules used in automation and control environments. Organizations relying on Mitsubishi Electric's MELSEC iQ-F Series PLCs for manufacturing, utilities, or infrastructure control could experience unexpected downtime, disrupting production lines, process controls, or critical infrastructure operations. The forced system reset required to recover from the DoS may lead to operational delays, safety risks, and financial losses. Since the vulnerability can be exploited remotely without authentication or user interaction, attackers can launch attacks from anywhere on the network or potentially from the internet if the devices are exposed. This increases the risk of targeted attacks or opportunistic disruptions by threat actors. Although no known exploits are currently reported, the high CVSS score and ease of exploitation make this a significant threat to industrial control system (ICS) environments worldwide. The availability impact is high, while confidentiality and integrity are not directly affected. The vulnerability could also be leveraged as part of a larger attack chain to disrupt industrial processes.
Mitigation Recommendations
1. Network Segmentation: Isolate MELSEC iQ-F Series FX5-ENET/IP and FX5-EIP modules on dedicated, secure industrial networks with strict access controls to limit exposure to untrusted networks.
2. Firewall and Filtering: Implement firewall rules to block or rate-limit unsolicited UDP traffic directed at the affected modules, especially from external or less trusted network segments.
3. Monitoring and Alerting: Deploy network monitoring solutions to detect unusual spikes or continuous UDP traffic targeting these modules and trigger alerts for investigation.
4. Vendor Coordination: Engage with Mitsubishi Electric for official patches or firmware updates addressing this vulnerability and apply them promptly once available.
5. Incident Response Planning: Prepare procedures to quickly reset affected devices safely and restore operations if a DoS condition occurs.
6. Access Control: Restrict network access to the modules to authorized personnel and systems only, using VPNs or secure remote access methods.
7. Physical Security: Ensure physical access to the devices is controlled to prevent local exploitation or tampering.
8. Regular Audits: Conduct periodic security assessments of industrial control networks to identify and remediate exposure to this and similar vulnerabilities.
These measures go beyond generic advice by focusing on network-level protections and operational readiness specific to industrial Ethernet modules.
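The monitoring step (item 3) as an added example, not part of the original advisory or any vendor tooling: it buckets per-packet records by destination and alerts only when UDP volume toward a module stays above a threshold for several consecutive windows, so short bursts and routine polling do not fire. The module addresses, thresholds and sample traffic are constructed assumptions; baseline the real values per site.

```python
from collections import defaultdict

# Constructed inventory of module addresses (RFC 5737 documentation range).
MODULES = {"192.0.2.10", "192.0.2.11"}
WINDOW_S = 1      # bucket width in seconds (assumed)
THRESHOLD = 200   # UDP packets per bucket treated as abnormal (assumed; baseline per site)
SUSTAIN = 5       # consecutive hot buckets required before alerting (assumed)

def find_sustained_udp(records, modules=MODULES, window=WINDOW_S,
                       threshold=THRESHOLD, sustain=SUSTAIN):
    """records: per-packet tuples (epoch_seconds, src_ip, dst_ip, proto)."""
    counts = defaultdict(lambda: defaultdict(int))   # dst -> bucket -> packets
    talkers = defaultdict(lambda: defaultdict(set))  # dst -> bucket -> sources
    for ts, src, dst, proto in records:
        if proto == "udp" and dst in modules:
            bucket = int(ts // window)
            counts[dst][bucket] += 1
            talkers[dst][bucket].add(src)
    alerts = []
    for dst, buckets in sorted(counts.items()):
        run = []
        # The trailing None flushes a run that lasts to the end of the capture.
        for b in sorted(buckets) + [None]:
            hot = b is not None and buckets[b] >= threshold
            if hot and (not run or b == run[-1] + 1):
                run.append(b)
                continue
            if len(run) >= sustain:
                srcs = sorted(set().union(*(talkers[dst][x] for x in run)))
                alerts.append({"dst": dst, "start": run[0] * window,
                               "end": (run[-1] + 1) * window, "sources": srcs})
            run = [b] if hot else []
    return alerts

def sample_records():
    """Constructed traffic: polling, one sustained stream, one short burst."""
    recs = []
    for t in range(90, 120):   # routine 10 pps polling from an engineering host
        recs += [(t + i / 10, "192.0.2.50", "192.0.2.10", "udp") for i in range(10)]
    for t in range(100, 108):  # 8 s of 300 pps toward one module: should alert
        recs += [(t + i / 300, "198.51.100.7", "192.0.2.10", "udp") for i in range(300)]
    for t in range(100, 102):  # 2 s burst toward the other module: below SUSTAIN
        recs += [(t + i / 300, "198.51.100.7", "192.0.2.11", "udp") for i in range(300)]
    recs.append((101.0, "198.51.100.7", "192.0.2.10", "tcp"))  # ignored: not UDP
    return recs

if __name__ == "__main__":
    for alert in find_sustained_udp(sample_records()):
        print(alert)
```

The `sources` list names every host that sent UDP to the module during the alert interval, including legitimate pollers, so it is a starting point for triage rather than an attribution.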
Affected Countries
Japan, United States, Germany, South Korea, China, Taiwan, United Kingdom, France, Italy, Canada
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2026-02-04T04:08:41.166Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a687b5d1a09e29cbe13006
Added to database: 3/3/2026, 7:03:17 AM
Last enriched: 3/10/2026, 5:23:46 PM
Last updated: 4/17/2026, 8:49:10 AM