CVE Catalog

CVE-2026-8805

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

CVE-2026-8805 describes an integer overflow vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP module. This allows a remote attacker to cause a denial-of-service (DoS) condition by rapidly establishing a large number of TCP connections.

Risk Assessment

An attacker can disrupt the device's operation, leading to service availability issues. This may impact business operations and system security.

Recommendation

It is recommended to update the FX5-EIP module to the latest version to mitigate this vulnerability. Additionally, monitoring and limiting the number of TCP connections from external sources is advisable.

Original NVD description (English source)

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection management process and triggering improper memory access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS