CVE-2026-1875 identifies a vulnerability in the Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module, which is widely used in industrial control systems for automation. The vulnerability is classified under CWE-404, indicating improper resource shutdown or release. Specifically, the device fails to properly handle resource management when subjected to a flood of UDP packets. An unauthenticated remote attacker can exploit this by sending continuous UDP traffic to the module, causing it to enter a denial-of-service state. Recovery from this state requires a manual system reset, which interrupts normal operations. The vulnerability affects all versions of the FX5-EIP module, highlighting a systemic issue in the device’s network handling. The CVSS 4.0 base score is 8.7, reflecting high severity due to network attack vector, low attack complexity, no privileges or user interaction required, and a high impact on availability. The vulnerability does not affect confidentiality or integrity but severely impacts availability, which is critical in industrial environments. No patches or mitigations have been officially released yet, and no known exploits have been observed in the wild. The vulnerability’s exploitation could disrupt manufacturing lines, critical infrastructure, and other automated processes relying on these modules.

The primary impact of this vulnerability is a denial-of-service condition that disrupts the availability of the affected industrial control module. This can halt automated processes in manufacturing plants, utilities, and critical infrastructure, leading to operational downtime, financial losses, and potential safety hazards. Since the device requires a system reset to recover, prolonged outages could occur if the attack is sustained or if physical access to reset the device is limited. The lack of authentication and user interaction requirements makes the attack feasible from remote locations, increasing the risk of widespread disruption. Organizations relying on these modules for real-time control and monitoring may face significant operational risks, especially in sectors where uptime and reliability are paramount. Additionally, the vulnerability could be leveraged as part of a broader attack chain targeting industrial environments, amplifying its impact.

Until an official patch is released, organizations should implement network-level mitigations to reduce exposure. This includes segmenting the industrial control network from corporate and external networks, applying strict firewall rules to block unsolicited UDP traffic to the FX5-EIP modules, and monitoring network traffic for unusual UDP packet floods. Deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous UDP traffic patterns can help identify and block exploitation attempts. Physical security measures should ensure rapid access to devices for manual resets if needed. Organizations should also engage with Mitsubishi Electric for updates on patches or firmware upgrades addressing this vulnerability. Regular backups and incident response plans tailored to industrial control system outages will help minimize operational impact. Finally, conducting a risk assessment to identify all affected devices and prioritizing their protection is critical.