← Back to home
ICSA-24-324-01  ·  Published 2026-03-31  ·  View on CISA ICS-CERT ↗

Mitsubishi Electric MELSEC iQ-F Series (Update A)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module by sending specially crafted SLMP packets. A system reset of the module is required for recovery.

CVEs (1)

Remediations

  • Mitsubishi Electric is releasing fixed version 1.210 or later for MELSEC iQ-F Series FX5-ENET. Users may download a firmware update file from the link ["https://www.mitsubishielectric.com/fa/download/index.html"](https://www.mitsubishielectric.com/fa/download/index.html) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at ["https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-009_en.pdf"](https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-009_en.pdf).
  • Mitsubishi Electric is releasing fixed version 1.106 or later for MELSEC iQ-F Series FX5-ENET/IP. Please download a firmware update file from the link ["https://www.mitsubishielectric.com/fa/download/index.html"](https://www.mitsubishielectric.com/fa/download/index.html) and install it. For more information on the fixed version, refer to the Mitsubishi Electric security advisory at ["https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-009_en.pdf"](https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-009_en.pdf).
  • For users of the affected products, Mitsubishi Electric recommends using within a LAN and blocking access from untrusted networks and hosts through firewalls, to minimize the risk of exploiting this vulnerability.
  • For users of the affected products, Mitsubishi Electric recommends restricting physical access to the products, as well as to computers and network devices located within the same network as the products, to minimize the risk of exploiting this vulnerability.
  • For users of the affected products, Mitsubishi Electric recommends using a firewall or virtual private network (VPN), etc. to prevent unauthorized access when internet access is required, to minimize the risk of exploiting this vulnerability.
  • For users of the affected products, Mitsubishi Electric recommends using IP filter function to block access from untrusted hosts, to minimize the risk of exploiting this vulnerability. For details on the IP filter function, please refer to the manual (MELSEC iQ-F FX5 User's Manual (Communication) "13.1 IP Filter Function").

Affected Vendors

Mitsubishi Electric

Affected Products (2)

Mitsubishi Electric · MELSEC iQ-F Series FX5-ENET >=1.100|<=1.200
Mitsubishi Electric · MELSEC iQ-F Series FX5-ENET/IP >=1.100|<=1.104

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more