Skip to main content

Dvp80Es3

3 CVEs product

Monthly

CVE-2026-12577 HIGH This Week

Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series) stems from an improperly implemented standard security check (CWE-358) that a remote, unauthenticated attacker can abuse over the network to force a loss of availability. The CVSS 4.0 base score is 8.7 (High), driven entirely by high availability impact with no confidentiality or integrity impact in the scored vector. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the vendor's tags label this 'Information Disclosure,' which conflicts with the availability-only CVSS vector and should be verified against the Delta advisory.

Information Disclosure Dvp80Es3
NVD VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-12576 HIGH This Week

Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-auth profile of an ICS device makes it operationally significant.

Information Disclosure Dvp80Es3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-12575 HIGH This Week

Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown or release flaw (CWE-404) that lets remote unauthenticated attackers exhaust or corrupt device resources. Per the CVSS vector the impact is limited to availability (A:H) with no confidentiality or integrity loss, meaning a successful attacker can crash or hang the PLC and disrupt the controlled industrial process. No public exploit identified at time of analysis; the issue is documented in Delta advisory Delta-PCSA-2026-00009, which bundles it with CVE-2026-12576 and CVE-2026-12577.

Information Disclosure Dvp80Es3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 8.7
HIGH This Week

Denial-of-service exposure in the Delta Electronics DVP80ES3 programmable logic controller (part of the DVP-ES3 series) stems from an improperly implemented standard security check (CWE-358) that a remote, unauthenticated attacker can abuse over the network to force a loss of availability. The CVSS 4.0 base score is 8.7 (High), driven entirely by high availability impact with no confidentiality or integrity impact in the scored vector. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; note that the vendor's tags label this 'Information Disclosure,' which conflicts with the availability-only CVSS vector and should be verified against the Delta advisory.

Information Disclosure Dvp80Es3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-auth profile of an ICS device makes it operationally significant.

Information Disclosure Dvp80Es3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from an improper resource shutdown or release flaw (CWE-404) that lets remote unauthenticated attackers exhaust or corrupt device resources. Per the CVSS vector the impact is limited to availability (A:H) with no confidentiality or integrity loss, meaning a successful attacker can crash or hang the PLC and disrupt the controlled industrial process. No public exploit identified at time of analysis; the issue is documented in Delta advisory Delta-PCSA-2026-00009, which bundles it with CVE-2026-12576 and CVE-2026-12577.

Information Disclosure Dvp80Es3
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy