CVE-2026-1875: CWE-404 Improper Resource Shutdown or Release in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP
CVE-2026-1875 is a high-severity vulnerability affecting all versions of Mitsubishi Electric's MELSEC iQ-F Series FX5-EIP EtherNet/IP Module. The flaw involves improper resource shutdown or release (CWE-404), allowing a remote attacker to cause a denial-of-service (DoS) by continuously sending UDP packets to the device. Exploitation requires no authentication or user interaction, and a system reset is required to recover the device. This vulnerability impacts industrial control systems relying on these modules, potentially disrupting critical automation processes. No known exploits are currently reported in the wild. Organizations using these modules should prioritize network-level protections and monitor for abnormal UDP traffic to mitigate risk.
AI Analysis
Technical Summary
CVE-2026-1875 identifies a vulnerability in Mitsubishi Electric Corporation's MELSEC iQ-F Series FX5-EIP EtherNet/IP Module, which is widely used in industrial automation environments. The vulnerability is classified as CWE-404, indicating improper resource shutdown or release. Specifically, the device fails to properly handle continuous UDP packet traffic, leading to resource exhaustion or malfunction that causes the system to enter a denial-of-service (DoS) state. Recovery from this state requires a manual system reset, which interrupts normal operations. The vulnerability affects all versions of the FX5-EIP module and can be exploited remotely without any authentication or user interaction, making it highly accessible to attackers. The CVSS v4.0 base score is 8.7, reflecting high severity due to network attack vector, low complexity, no privileges or user interaction needed, and a high impact on availability. Although no public exploits have been reported yet, the critical nature of industrial control systems and the ease of exploitation make this a significant threat. The vulnerability could be leveraged to disrupt manufacturing lines, critical infrastructure, or other automated processes relying on these modules, potentially causing operational downtime and safety risks.
Potential Impact
The primary impact of CVE-2026-1875 is a denial-of-service condition on Mitsubishi MELSEC iQ-F FX5-EIP modules, which are integral components in industrial automation and control systems. Organizations worldwide that depend on these modules for process control could experience unexpected system resets, leading to operational interruptions, production downtime, and potential safety hazards. In critical infrastructure sectors such as manufacturing, energy, and utilities, such disruptions could cascade into broader operational failures or safety incidents. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation. While no known exploits exist currently, the vulnerability's simplicity and severity make it a prime target for threat actors aiming to disrupt industrial environments. Recovery requires manual intervention, which may delay restoration of normal operations and increase incident response costs. Additionally, repeated exploitation attempts could degrade hardware or firmware stability over time.
Mitigation Recommendations
To mitigate CVE-2026-1875, organizations should implement network segmentation to isolate MELSEC iQ-F FX5-EIP modules from untrusted networks, minimizing exposure to unsolicited UDP traffic. Deploying strict firewall rules to block or rate-limit UDP packets directed at these modules can prevent exploitation attempts. Continuous network monitoring and anomaly detection should be employed to identify unusual UDP traffic patterns indicative of an attack. Since no patches are currently available, organizations should engage with Mitsubishi Electric for updates or advisories and plan for timely firmware updates once released. Implementing redundant systems or failover mechanisms can reduce operational impact during a DoS event. Additionally, physical security controls and access restrictions to industrial control networks will help reduce the attack surface. Incident response plans should include procedures for rapid system resets and recovery to minimize downtime. Finally, educating operational technology (OT) personnel about this vulnerability and its indicators will enhance preparedness.
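The monitoring recommendation above can be made concrete with a small sliding-window detector over flow records; this is an added example, not code from the advisory or from Mitsubishi Electric. The record layout, module address, trusted range and thresholds are assumptions to be replaced with values from your own baseline.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed values (not from the advisory): tune to the site's own baseline.
MODULES = {"192.0.2.10"}                 # addresses of FX5-EIP modules to watch
TRUSTED = [ip_network("192.0.2.0/28")]   # controllers/scanners allowed to talk UDP
WINDOW_S = 5.0                           # sliding window length in seconds
MAX_PKTS = 200                           # packets per window per (src, module)

def detect(records):
    """records: (ts, src, dst, proto, pkts) tuples sorted by ts (hypothetical
    flow-export layout). Returns a list of (ts, kind, src, dst) alerts."""
    windows = defaultdict(deque)   # (src, dst) -> deque of (ts, pkts)
    totals = defaultdict(int)      # running packet count inside each window
    active, alerts = set(), []
    for ts, src, dst, proto, pkts in records:
        if proto != "udp" or dst not in MODULES:
            continue
        key = (src, dst)
        # Segmentation check: UDP from outside the trusted range, reported once.
        trusted = any(ip_address(src) in net for net in TRUSTED)
        if not trusted and ("untrusted", key) not in active:
            active.add(("untrusted", key))
            alerts.append((ts, "untrusted-source", src, dst))
        # Rate check: evict samples older than the window, then compare.
        win = windows[key]
        win.append((ts, pkts))
        totals[key] += pkts
        while ts - win[0][0] > WINDOW_S:
            totals[key] -= win.popleft()[1]
        if totals[key] > MAX_PKTS:
            if ("flood", key) not in active:
                active.add(("flood", key))
                alerts.append((ts, "sustained-udp", src, dst))
        else:
            active.discard(("flood", key))   # re-arm once the rate drops
    return alerts

# Constructed sample: steady cyclic traffic from a trusted controller, plus a
# continuous high-rate UDP stream from an address outside the control network.
SAMPLE = [(float(t), "192.0.2.2", "192.0.2.10", "udp", 20) for t in range(10)]
SAMPLE += [(float(t), "198.51.100.7", "192.0.2.10", "udp", 150) for t in range(3, 8)]
SAMPLE.sort(key=lambda r: r[0])

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The same per-source threshold can serve as the starting point for a firewall rate limit in front of the module, since both controls need a measured baseline of legitimate cyclic traffic.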
Affected Countries
Japan, United States, Germany, South Korea, China, France, United Kingdom, Italy, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2026-02-04T04:09:48.429Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a687b5d1a09e29cbe1300a
Added to database: 3/3/2026, 7:03:17 AM
Last enriched: 3/3/2026, 7:17:36 AM
Last updated: 3/3/2026, 8:03:59 AM