CVE-2026-14193

Delta Electronics · DVP80ES300T

The Delta Electronics DVP80ES300T PLC is affected by an improper validation of array index vulnerability, potentially leading to memory corruption or instability.

Executive summary

An improper array index validation vulnerability in the Delta Electronics DVP80ES300T programmable logic controller poses a high risk of unauthorized memory access or system failure.

Vulnerability

This vulnerability involves the improper validation of array indices within the device firmware, which can be exploited to cause buffer overflows or out-of-bounds memory access. The authentication requirements remain unconfirmed, but such flaws typically allow unauthenticated remote attackers to disrupt industrial control processes.
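
The bug class described above (improper validation of array index, CWE-129), shown as an added illustration. This is not Delta firmware or code from the advisory; the register table, its size and all function names are hypothetical. It contrasts a range check that accepts out-of-bounds requests with one that bounds both the start index and the count.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define REG_COUNT 64u                  /* hypothetical table size */

static uint16_t reg_table[REG_COUNT];  /* hypothetical register file */

/* Flawed validation: signed index, upper bound only, count ignored.
 * A negative start or a start+count run past the table is accepted. */
int flawed_range_ok(int16_t start, uint16_t count)
{
    (void)count;                       /* never checked */
    return start < (int16_t)REG_COUNT;
}

/* Hardened validation: unsigned types, count bounded first, then start
 * compared against the remaining space so start+count cannot wrap. */
int range_ok(uint16_t start, uint16_t count)
{
    if (count == 0 || count > REG_COUNT)
        return 0;
    return start <= REG_COUNT - count;
}

/* Copy `count` registers beginning at `start` into `out`.
 * Returns the number copied, or -1 if the request is rejected. */
int read_registers(uint16_t start, uint16_t count,
                   uint16_t *out, size_t out_len)
{
    if (out == NULL || !range_ok(start, count) || out_len < count)
        return -1;
    memcpy(out, &reg_table[start], (size_t)count * sizeof reg_table[0]);
    return (int)count;
}

int main(void)
{
    uint16_t buf[8];
    reg_table[10] = 0x1234;            /* constructed sample value */
    /* In-range read succeeds; a run past the table end is refused. */
    return (read_registers(10, 4, buf, 8) == 4 &&
            read_registers(60, 10, buf, 8) == -1) ? 0 : 1;
}
```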

Business impact

Exploitation of this vulnerability could result in significant operational disruption, including the unauthorized modification of control logic or a complete denial of service on the affected PLC. With a CVSS score of 7.5, the risk is categorized as high, necessitating immediate attention to prevent potential safety incidents or production downtime within industrial environments.

Remediation

Immediate Action: Consult the official Delta Electronics security portal to identify and apply the necessary firmware patches or security updates.

Proactive Monitoring: Implement strict network segmentation for industrial control systems and monitor traffic for anomalous patterns directed at PLC management ports.

Compensating Controls: Utilize industrial firewalls or deep packet inspection (DPI) to restrict access to the affected hardware and block malformed packets that might trigger the index error.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical nature of PLC hardware, administrators should prioritize this vulnerability for immediate remediation. Ensure that all affected controllers are isolated from public-facing networks and apply vendor-supplied updates as soon as they become available to maintain system integrity and operational continuity.