HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Integer Overflow DoS in Mitsubishi Electric MELSEC iQ‑F Series (CVE‑2026‑8805) Threatens Industrial Control Availability

CISA warns that an integer overflow (CVE‑2026‑8805) in Mitsubishi Electric’s MELSEC iQ‑F Series EtherNet/IP module can be remotely exploited to cause a denial‑of‑service, affecting critical manufacturing environments and raising SOC 2 availability and vendor‑risk concerns.

LiveThreat™ Intelligence · 📅 June 18, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
cisa.gov

Integer Overflow DoS in Mitsubishi Electric MELSEC iQ‑F Series (CVE‑2026‑8805) Threatens Industrial Control Availability

What It Is — A newly disclosed integer overflow in the EtherNet/IP function of Mitsubishi Electric’s MELSEC iQ‑F Series FX5‑EIP module (≤ 1.000) can be triggered remotely to corrupt internal connection handling and cause a denial‑of‑service condition.

Exploitability — Public advisory from CISA; no public PoC, but the vulnerability is exploitable over the network (CVSS v3 7.5).

Affected Products — Mitsubishi Electric MELSEC iQ‑F Series, specifically the FX5‑EIP EtherNet/IP module.

Why It Matters for Compliance & Audit Readiness

  • SOC 2 Availability – A DoS on OT equipment directly tests the Availability principle; auditors will look for evidence that you continuously monitor third‑party device health.
  • Vendor‑Risk Management – The flaw resides in a third‑party hardware component; maintaining an up‑to‑date vendor‑risk register and remediation evidence is a SOC 2 control requirement.
  • Continuous Evidence – Real‑time alerts from network‑traffic baselines and patch‑status dashboards provide the audit‑ready logs SOC 2 auditors expect.

Recommended Actions

  • Verify firmware version on all MELSEC iQ‑F FX5‑EIP modules; apply Mitsubishi’s security patch or recommended mitigation.
  • Update your vendor‑risk inventory to flag the affected hardware and document remediation status for SOC 2 evidence.
  • Deploy network‑level rate‑limiting and anomaly‑detection rules to block connection‑flood attempts.

Source: CISA Advisory – ICSA‑26‑169‑05

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-05

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

Point-in-time vendor reviews miss incidents like this.

Verisq AI Trust Operations replaces the annual questionnaire with continuous third-party monitoring — so vendor exposure becomes audit evidence, not a once-a-year guess.

See how Verisq AI Trust Operations works →