Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable, unauthenticated, low-complexity per the vendor 4.0 vector; scored impact is availability-only (A:H) with no confidentiality or integrity effect, consistent with a DoS on the PLC.
Primary rating from Vendor (Deltaww).
Description (CVE.org)
DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.
Analysis (AI)
Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series) stems from an improperly implemented standard security check (CWE-358) that a remote, unauthenticated attacker can abuse over the network to force a loss of availability. The CVSS 4.0 base score is 8.7 (High), driven entirely by high availability impact with no confidentiality or integrity impact in the scored vector. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Per the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N), no authentication, no user interaction, and no special attack requirements are needed - a remote attacker only needs network reachability to the DVP80ES3's affected service. … |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N, VA:H, VC:N/VI:N) describes an unauthenticated, low-complexity, network-reachable attack whose sole scored consequence is high availability impact - i.e., a denial-of-service or device disruption, not data theft or manipulation. … |
| Exploit Scenario | An attacker with network access to the OT segment sends crafted traffic to the DVP80ES3's exposed service, exploiting the improperly implemented security check without needing credentials or user interaction, causing the PLC to lose availability and disrupting the physical process it controls. No public proof-of-concept exists at time of analysis, so this reflects the theoretical path implied by the CVSS vector rather than a demonstrated exploit. |
| Remediation | Consult Delta advisory Delta-PCSA-2026-00009 (https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00009_DVP80ES3%20Multiple%20Vulnerabilities_v1%20(CVE-2026-12575,%2012576,%2012577).pdf) and apply the vendor-recommended firmware update for the DVP80ES3; a specific patched version could not be independently confirmed from the provided data, so verify the exact fixed release in that advisory. … |
Recommended Action (AI)
Within 24 hours: Audit all DVP80ES3 systems in your environment; immediately implement firewall rules restricting network access to authorized engineering workstations only and document current device roles and dependencies. …
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message
EUVD-2026-40932
GHSA-7fmx-whj8-2pcw