Skip to main content

Delta DVP80ES3 EUVDEUVD-2026-40930

| CVE-2026-12575 HIGH
Improper Resource Shutdown or Release (CWE-404)
2026-07-01 Deltaww GHSA-vw8f-j9f7-vf48
7.5
CVSS 3.1 · Vendor: Deltaww
Share

Severity by source

Vendor (Deltaww) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Unauthenticated network-reachable resource-release flaw with low complexity; impact is a PLC crash, so availability-only (A:H) with no confidentiality or integrity effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Deltaww).

CVSS VectorVendor: Deltaww

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 08:33 vuln.today

DescriptionCVE.org

DVP80ES3 with Improper Resource Shutdown or Release vulnerability.

AnalysisAI

Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown or release flaw (CWE-404) that lets remote unauthenticated attackers exhaust or corrupt device resources. Per the CVSS vector the impact is limited to availability (A:H) with no confidentiality or integrity loss, meaning a successful attacker can crash or hang the PLC and disrupt the controlled industrial process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach PLC over OT network
Delivery
Send repeated crafted requests
Exploit
Trigger improper resource release (CWE-404)
Execution
Exhaust device handles/memory
Impact
Crash or hang PLC availability

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the DVP80ES3's exposed service; per the CVSS vector AV:N/AC:L/PR:N/UI:N, no authentication and no user interaction are needed against the affected firmware, so any host that can reach the PLC's control/engineering port can attempt it. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable, low-complexity, unauthenticated attack whose sole impact is availability - a classic denial-of-service profile, not code execution or data theft. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the plant OT segment repeatedly opens connections to the DVP80ES3's exposed control service and sends requests that cause the firmware to leak or fail to release resources. After enough iterations the PLC exhausts available handles or memory and crashes or hangs, halting the industrial process it controls. …
Remediation Consult Delta advisory Delta-PCSA-2026-00009 (https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00009_DVP80ES3%20Multiple%20Vulnerabilities_v1%20(CVE-2026-12575,%2012576,%2012577).pdf) for the vendor's recommended firmware update; the provided data does not include an exact fixed version, so no vendor-released patch version can be independently confirmed at time of analysis - verify the target firmware level directly against that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all DVP80ES3 controllers in production; document network accessibility and criticality to operations; establish emergency approval process for urgent configuration changes. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy