Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Network-reachable channel with no integrity enforcement needs no auth or interaction (AV:N/AC:L/PR:N/UI:N); confirmed impact per vendor is availability loss (A:H), with C/I set N absent evidence.
Primary rating from Vendor (Deltaww).
CVSS VectorVendor: Deltaww
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.
AnalysisAI
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the DVP80ES3's communication channel and the ability to send messages the device will process - the vulnerability lies in the absence of message-integrity enforcement on that channel, so no valid credentials or user interaction are needed (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.1 base score is 7.5 (High) driven entirely by availability (A:H) over an easily reachable network path (AV:N/AC:L/PR:N/UI:N) - a clean, low-barrier profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who gains a foothold on the OT network - via a compromised HMI, engineering laptop, or an insufficiently segmented IT/OT boundary - sends crafted or tampered protocol messages to the DVP80ES3 that it fails to validate for integrity. Because no authentication or user interaction is required (PR:N/UI:N), the malformed traffic drives the controller into a fault or unresponsive state, halting the automated process it manages. … |
| Remediation | No specific fixed firmware version is provided in the available data, so consult Delta advisory Delta-PCSA-2026-00009 (https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00009_DVP80ES3%20Multiple%20Vulnerabilities_v1%20(CVE-2026-12575,%2012576,%2012577).pdf) for the patched release and apply it; treat patch status as 'Patch available per vendor advisory' pending confirmation of an exact version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all DVP80ES3 devices across the organization and document network locations and criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series)
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40931
GHSA-55jc-fj8g-2w6j