Full Report
[Control systems] Mitsubishi Electric security advisory (AV26-616)
Analysis Summary
# Vulnerability: Denial-of-Service in Mitsubishi Electric MELSEC iQ-F Series Modules
## CVE Details
*Note: While the advisory (AV26-616) references multiple DoS flaws, specific CVE IDs were not explicitly listed in the summary text provided; these typically align with Mitsubishi PSIRT identifiers 2026-002, 2026-003, and 2025-021.*
- **CVE ID:** CVE-pending/assigned via PSIRT 2025-021, 2026-002, 2026-003
- **CVSS Score:** Untabulated in source (Typically High for ICS DoS)
- **CWE:** CWE-400 (Uncontrolled Resource Consumption) / CWE-20 (Improper Input Validation)
## Affected Systems
- **Products:** MELSEC iQ-F Series Modules
- **FX5-EIP** EtherNet/IP Module
- **FX5-ENET/IP** Ethernet Module
- **Versions:**
- FX5-EIP: Version 1.000 and prior
- FX5-ENET/IP: All versions
- **Configurations:** Systems utilizing EtherNet/IP communications or standard Ethernet functions on these specific modules.
## Vulnerability Description
Multiple vulnerabilities exist in the processing of Ethernet and EtherNet/IP communications. An attacker can send specially crafted packets to the affected modules, leading to a Denial-of-Service (DoS) condition. Due to improper handling of these packets, the communication function may crash or become unresponsive, requiring a hardware reset or power cycle to recover.
## Exploitation
- **Status:** Not exploited (No reports of active exploitation in the wild at time of advisory)
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (Total loss of communication functionality for the affected module)
## Remediation
### Patches
- **FX5-EIP:** Mitsubishi Electric recommends updating to the latest firmware version as specified in the vendor's PDF advisories.
- **FX5-ENET/IP:** Users should contact their local Mitsubishi Electric representative for specific version updates and mitigation paths, as "all versions" were listed as potentially affected.
### Workarounds
- **Network Segmentation:** Place control systems behind firewalls and ensure they are not accessible from the Internet.
- **Access Control:** Restrict access to the EtherNet/IP and Ethernet ports to authorized IP addresses only.
- **VPN:** Use secure virtual private networks (VPNs) for any required remote access.
- **Physical Security:** Ensure physical access to the PLC and network infrastructure is restricted.
## Detection
- **Indicators of Compromise:** Unexpected loss of communication with the FX5-EIP or FX5-ENET/IP modules; modules requiring a physical restart to resume Ethernet functionality.
- **Detection methods and tools:** Monitor network traffic for unusual or malformed EtherNet/IP traffic patterns. Utilize ICS-aware Intrusion Detection Systems (IDS).
## References
- Mitsubishi Electric PSIRT 2026-002 [PDF]: hxxps://www[.]mitsubishielectric[.]com/psirt/vulnerability/pdf/2026-002_en[.]pdf
- Mitsubishi Electric PSIRT 2026-003 [PDF]: hxxps://www[.]mitsubishielectric[.]com/psirt/vulnerability/pdf/2026-003_en[.]pdf
- Mitsubishi Electric PSIRT 2025-021 [PDF]: hxxps://www[.]mitsubishielectric[.]com/psirt/vulnerability/pdf/2025-021_en[.]pdf
- Canadian Centre for Cyber Security Advisory AV26-616: hxxps://www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-mitsubishi-electric-security-advisory-av26-616