Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Network-reachable, unauthenticated, low-complexity request triggers an out-of-bounds index causing device crash, so AV:N/AC:L/PR:N with availability-only A:H and no C/I impact.
Primary rating from Vendor (Deltaww).
CVSS VectorVendor: Deltaww
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
DVP80ES300T with Improper Validation of Array Index Vulnerability
AnalysisAI
Denial-of-service in the Delta Electronics DVP80ES300T programmable logic controller allows remote unauthenticated attackers to crash the device by triggering an improper array-index validation flaw (CWE-129). Per the CVSS vector the impact is limited to availability (A:H) with no confidentiality or integrity loss, so a successful attack halts PLC operation rather than exposing data. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the DVP80ES300T's communication interface and the ability to send a crafted request carrying an out-of-bounds array index value; per AV:N/AC:L/PR:N/UI:N no authentication, no user interaction, and no special product configuration are called out in the available data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base 7.5) indicates a network-reachable, low-complexity, unauthenticated attack whose sole consequence is loss of availability - a clean DoS profile with no code-execution or data-disclosure claim. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to the PLC - for example after pivoting from an IT network into a poorly segmented control network - sends a crafted protocol request containing a manipulated index value that the firmware uses to access an internal array without bounds checking. The out-of-bounds access faults the firmware and halts the control program, stopping the monitored industrial process until the device is manually recovered. … |
| Remediation | Consult Delta advisory Delta-PCSA-2026-00013 (https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00013_DVP80ES300T%20Improper%20Validation%20of%20Array%20Index%20Vulnerability%20(CVE-2026-14193).pdf) and apply the vendor-provided firmware update; a specific fixed version is not present in the available data and must be taken from that advisory rather than assumed. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and document all Delta DVP80ES300T devices in your environment and their criticality to production processes. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-129 – Improper Validation of Array Index
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40911
GHSA-255r-96jc-w7r6