Delta DVP80ES3 CVE-2026-12577

EUVD: EUVD-2026-40932 · HIGH
Improperly Implemented Security Check for Standard (CWE-358)
2026-07-01 Deltaww GHSA-7fmx-whj8-2pcw
8.7
CVSS 4.0 · Vendor: Deltaww
Severity by source

Vendor (Deltaww) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Network-reachable, unauthenticated, low-complexity per the vendor 4.0 vector; scored impact is availability-only (A:H) with no confidentiality or integrity effect, consistent with a DoS on the PLC.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Deltaww).

CVSS Vector (Vendor: Deltaww)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Jul 01, 2026 - 08:30 (vuln.today)

Description (CVE.org)

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.

Analysis (AI)

Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series) stems from an improperly implemented standard security check (CWE-358) that a remote, unauthenticated attacker can abuse over the network to force a loss of availability. The CVSS 4.0 base score is 8.7 (High), driven entirely by high availability impact with no confidentiality or integrity impact in the scored vector. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Gain access to OT network segment
Delivery: Reach exposed DVP80ES3 service
Exploit: Send request bypassing flawed security check
Execution: Trigger loss of device availability
Impact: Disrupt controlled physical process

Vulnerability Assessment (AI)

Exploitation: Per the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N), no authentication, no user interaction, and no special attack requirements are needed - a remote attacker only needs network reachability to the DVP80ES3's affected service. …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N, VA:H, VC:N/VI:N) describes an unauthenticated, low-complexity, network-reachable attack whose sole scored consequence is high availability impact - i.e., a denial-of-service or device disruption, not data theft or manipulation. …

Exploit Scenario: An attacker with network access to the OT segment sends crafted traffic to the DVP80ES3's exposed service, exploiting the improperly implemented security check without needing credentials or user interaction, causing the PLC to lose availability and disrupting the physical process it controls. No public proof-of-concept exists at time of analysis, so this reflects the theoretical path implied by the CVSS vector rather than a demonstrated exploit.

Remediation: Consult Delta advisory Delta-PCSA-2026-00009 (https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00009_DVP80ES3%20Multiple%20Vulnerabilities_v1%20(CVE-2026-12575,%2012576,%2012577).pdf) and apply the vendor-recommended firmware update for the DVP80ES3; a specific patched version could not be independently confirmed from the provided data, so verify the exact fixed release in that advisory. …

Recommended Action (AI)

Within 24 hours: Audit all DVP80ES3 systems in your environment; immediately implement firewall rules restricting network access to authorized engineering workstations only and document current device roles and dependencies. …
