CP
cyberpings
VulnerabilitiesHIGH

Critical Vulnerabilities Found in Mitsubishi Electric Modules

CICISA Advisories18h ago2 min read
CVE-2026-1874CVE-2026-1875Mitsubishi ElectricMELSEC iQ-F SeriesEtherNet/IP
馃幆

Basically, hackers can crash certain Mitsubishi devices by sending too many messages.

Quick Summary

Mitsubishi Electric's MELSEC modules have critical vulnerabilities that could allow hackers to crash devices. This affects users in critical manufacturing sectors. Immediate updates and security measures are essential to prevent disruptions. Stay vigilant and protect your operations.

What Happened

A serious security flaw has been discovered in Mitsubishi Electric's MELSEC iQ-F Series EtherNet/IP and Ethernet modules. This vulnerability could let attackers remotely crash these devices by bombarding them with UDP packets?. If exploited, this could lead to a denial-of-service? (DoS) condition, disrupting operations in critical manufacturing sectors worldwide.

The affected products include the FX5-ENET/IP Ethernet Module (version 1.106 and below) and the FX5-EIP EtherNet/IP Module (all versions). These vulnerabilities, identified as CVE?-2026-1874 and CVE?-2026-1875, highlight significant weaknesses in the control flow and resource management of these devices. With the potential for widespread impact, users need to act quickly to protect their systems.

Why Should You Care

If you use Mitsubishi Electric's MELSEC modules in your manufacturing processes, this vulnerability could put your operations at risk. Imagine your factory's machinery suddenly stopping because of a cyber attack. This isn't just an inconvenience; it could lead to financial losses and operational downtime.

Every day, these devices help manage critical infrastructure. If they go down, it affects not only production but also safety and reliability. Your company's reputation and bottom line could be on the line, making it essential to address these vulnerabilities immediately.

What's Being Done

Mitsubishi Electric is aware of the situation and has released a fix for the FX5-ENET/IP module. Users should:

  • Update to version 1.107 or later if you're using the FX5-ENET/IP module.
  • Implement mitigations like using firewall?s and VPN?s to limit unauthorized access.
  • Restrict physical access to affected devices and connected PCs.
  • Install anti-virus software on PCs that interact with these modules.

Experts are closely monitoring the situation for any further developments or additional vulnerabilities that could arise. It's crucial to stay informed and proactive in protecting your devices.

馃挕 Tap dotted terms for explanations

馃敀 Pro insight: The vulnerabilities reflect a growing trend in industrial control systems, where remote exploitation can lead to significant operational disruptions.

Original article from

CISA Advisories CISA

Read Full Article

Share

Related Pings

HIGHVulnerabilities

GIMP Faces Critical Vulnerability: Urgent Fix Needed

A critical vulnerability in GIMP was just reported, putting users at risk. With a CVSS score of 7.8, this flaw could allow unauthorized access to your files. The vendor has until July 3 to issue a fix. Stay alert and back up your work!

ZDI Upcoming AdvisoriesJust now2m
HIGHVulnerabilities

Pwn2Own Automotive 2026: $1 Million in Vulnerabilities Uncovered!

In a thrilling conclusion to Pwn2Own Automotive 2026, hackers uncovered over 76 vulnerabilities, earning $1 million in prizes. This competition highlights the urgent need for robust automotive security. Stay alert for updates from your vehicle manufacturer to ensure your safety on the road.

Zero Day Initiative BlogJust now2m
HIGHVulnerabilities

Pwn2Own Automotive 2026: Record Entries for Epic Hacking Showdown

The Pwn2Own Automotive competition has kicked off in Tokyo with 73 teams competing to exploit car systems. This event is crucial for improving vehicle security. Stay informed about the vulnerabilities that could impact your safety on the road!

Zero Day Initiative BlogJust now2m
HIGHVulnerabilities

AI Revolutionizes Vulnerability Discovery in Cybersecurity

Anthropic's Claude Opus 4.6 has discovered 500 high-severity vulnerabilities. This impacts developers and security teams alike. Without proper context, more alerts can overwhelm security efforts. Organizations must prioritize AI-driven exposure management to stay secure.

Tenable Blog1m ago2m
HIGHVulnerabilities

Dynamic Objects: The Hidden Threat in Active Directory

Dynamic objects in Active Directory pose a stealthy threat by self-deleting without leaving evidence. This impacts organizations by complicating forensic investigations. Security teams are urged to implement real-time monitoring to catch these attacks before they erase all traces.

Tenable Blog1m ago2m
HIGHVulnerabilities

New Cyber Module Boosts Health Organizations' Risk Planning

A new cybersecurity module has been launched to help healthcare organizations better prepare for cyber threats. Hospitals are particularly concerned about risks from cloud services and connected devices. This initiative aims to protect patient care and sensitive health data. Organizations are encouraged to implement the new toolkit immediately.

Help Net Security1m ago2m