CVE-2026-12575
Delta Electronics · DVP80ES3 PLC
The Delta Electronics DVP80ES3 PLC is susceptible to an improper resource shutdown or release vulnerability, which could result in a denial-of-service condition.
Executive summary
A critical resource management vulnerability in the Delta Electronics DVP80ES3 PLC poses a significant risk of service disruption.
Vulnerability
This vulnerability involves the improper handling of resource shutdowns or releases within the controller's firmware, which may allow an attacker to cause the device to enter an unstable state or cease operation.
Business impact
Successful exploitation of this flaw could result in a denial-of-service, leading to the unplanned shutdown of industrial control processes. With a CVSS score of 7.5, the potential for operational disruption is significant, impacting production capabilities and potentially requiring manual intervention to restore service.
Remediation
Immediate Action: Consult the vendor’s security documentation and apply the recommended firmware update to address the resource management flaw.
Proactive Monitoring: Monitor the status of the DVP80ES3 controllers for unexpected restarts, communication timeouts, or error logs indicating resource exhaustion.
Compensating Controls: Restrict network access to the PLC to authorized personnel only, utilizing industrial firewalls to isolate the controller from untrusted network segments.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Industrial control systems require high availability, and this vulnerability directly threatens that requirement. System administrators should prioritize the deployment of firmware updates and ensure that the controller is segmented from broader corporate networks to minimize the attack surface until the patch is applied.