Skip to main content

Delta DVP80ES3 EUVDEUVD-2026-40931

| CVE-2026-12576 HIGH
Improper Enforcement of Message Integrity During Transmission (CWE-924)
2026-07-01 Deltaww GHSA-55jc-fj8g-2w6j
7.5
CVSS 3.1 · Vendor: Deltaww
Share

Severity by source

Vendor (Deltaww) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Network-reachable channel with no integrity enforcement needs no auth or interaction (AV:N/AC:L/PR:N/UI:N); confirmed impact per vendor is availability loss (A:H), with C/I set N absent evidence.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Deltaww).

CVSS VectorVendor: Deltaww

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 08:33 vuln.today

DescriptionCVE.org

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.

AnalysisAI

Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain access to OT network segment
Delivery
Reach DVP80ES3 control protocol port
Exploit
Craft tampered/malformed integrity-unchecked message
Execution
Controller fails to validate and faults
Impact
Loss of PLC availability halts process

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the DVP80ES3's communication channel and the ability to send messages the device will process - the vulnerability lies in the absence of message-integrity enforcement on that channel, so no valid credentials or user interaction are needed (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 3.1 base score is 7.5 (High) driven entirely by availability (A:H) over an easily reachable network path (AV:N/AC:L/PR:N/UI:N) - a clean, low-barrier profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who gains a foothold on the OT network - via a compromised HMI, engineering laptop, or an insufficiently segmented IT/OT boundary - sends crafted or tampered protocol messages to the DVP80ES3 that it fails to validate for integrity. Because no authentication or user interaction is required (PR:N/UI:N), the malformed traffic drives the controller into a fault or unresponsive state, halting the automated process it manages. …
Remediation No specific fixed firmware version is provided in the available data, so consult Delta advisory Delta-PCSA-2026-00009 (https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00009_DVP80ES3%20Multiple%20Vulnerabilities_v1%20(CVE-2026-12575,%2012576,%2012577).pdf) for the patched release and apply it; treat patch status as 'Patch available per vendor advisory' pending confirmation of an exact version. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all DVP80ES3 devices across the organization and document network locations and criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40931 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy