Dvp80Es3
Monthly
Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series) stems from an improperly implemented standard security check (CWE-358) that a remote, unauthenticated attacker can abuse over the network to force a loss of availability. The CVSS 4.0 base score is 8.7 (High), driven entirely by high availability impact with no confidentiality or integrity impact in the scored vector. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the vendor's tags label this 'Information Disclosure,' which conflicts with the availability-only CVSS vector and should be verified against the Delta advisory.
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-auth profile of an ICS device makes it operationally significant.
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown or release flaw (CWE-404) that lets remote unauthenticated attackers exhaust or corrupt device resources. Per the CVSS vector the impact is limited to availability (A:H) with no confidentiality or integrity loss, meaning a successful attacker can crash or hang the PLC and disrupt the controlled industrial process. No public exploit identified at time of analysis; the issue is documented in Delta advisory Delta-PCSA-2026-00009, which bundles it with CVE-2026-12576 and CVE-2026-12577.
Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series) stems from an improperly implemented standard security check (CWE-358) that a remote, unauthenticated attacker can abuse over the network to force a loss of availability. The CVSS 4.0 base score is 8.7 (High), driven entirely by high availability impact with no confidentiality or integrity impact in the scored vector. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the vendor's tags label this 'Information Disclosure,' which conflicts with the availability-only CVSS vector and should be verified against the Delta advisory.
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-auth profile of an ICS device makes it operationally significant.
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown or release flaw (CWE-404) that lets remote unauthenticated attackers exhaust or corrupt device resources. Per the CVSS vector the impact is limited to availability (A:H) with no confidentiality or integrity loss, meaning a successful attacker can crash or hang the PLC and disrupt the controlled industrial process. No public exploit identified at time of analysis; the issue is documented in Delta advisory Delta-PCSA-2026-00009, which bundles it with CVE-2026-12576 and CVE-2026-12577.