Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Unauthenticated network-reachable resource-release flaw with low complexity; impact is a PLC crash, so availability-only (A:H) with no confidentiality or integrity effect.
Primary rating from Vendor (Deltaww).
CVSS VectorVendor: Deltaww
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
DVP80ES3 with Improper Resource Shutdown or Release vulnerability.
AnalysisAI
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown or release flaw (CWE-404) that lets remote unauthenticated attackers exhaust or corrupt device resources. Per the CVSS vector the impact is limited to availability (A:H) with no confidentiality or integrity loss, meaning a successful attacker can crash or hang the PLC and disrupt the controlled industrial process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the DVP80ES3's exposed service; per the CVSS vector AV:N/AC:L/PR:N/UI:N, no authentication and no user interaction are needed against the affected firmware, so any host that can reach the PLC's control/engineering port can attempt it. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable, low-complexity, unauthenticated attack whose sole impact is availability - a classic denial-of-service profile, not code execution or data theft. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to the plant OT segment repeatedly opens connections to the DVP80ES3's exposed control service and sends requests that cause the firmware to leak or fail to release resources. After enough iterations the PLC exhausts available handles or memory and crashes or hangs, halting the industrial process it controls. … |
| Remediation | Consult Delta advisory Delta-PCSA-2026-00009 (https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00009_DVP80ES3%20Multiple%20Vulnerabilities_v1%20(CVE-2026-12575,%2012576,%2012577).pdf) for the vendor's recommended firmware update; the provided data does not include an exact fixed version, so no vendor-released patch version can be independently confirmed at time of analysis - verify the target firmware level directly against that advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all DVP80ES3 controllers in production; document network accessibility and criticality to operations; establish emergency approval process for urgent configuration changes. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series)
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40930
GHSA-vw8f-j9f7-vf48