Delta Electronics AS320T Plagued by Critical DoS Vulnerability
The National Vulnerability Database (NVD) has detailed CVE-2026-1952, a critical denial-of-service (DoS) vulnerability impacting Delta Electronics AS320T programmable logic controllers (PLCs). This flaw, stemming from an undocumented subfunction, carries a CVSSv3 score of 9.8, indicating maximum severity. Attackers can exploit this remotely without authentication, making it a severe threat to operational technology (OT) environments.
This isn’t just a crash; it’s a critical disruption. The ability to trigger a DoS via an undocumented subfunction means an attacker can halt industrial processes, leading to significant operational downtime and potential safety hazards. The lack of authentication required for exploitation dramatically lowers the barrier for entry for malicious actors, from opportunistic script kiddies to state-sponsored groups looking to disrupt critical infrastructure.
CISOs in manufacturing and industrial sectors must treat this as an immediate priority. The attacker’s calculus here is simple: maximum impact with minimal effort. Disabling PLCs can cascade into widespread production stoppages, making this a prime target for extortion or sabotage. Defenders need to isolate these systems and apply vendor patches immediately.
What This Means For You
- If your organization uses Delta Electronics AS320T PLCs, you are exposed to a critical, unauthenticated remote denial-of-service attack. This isn't theoretical; it's a direct threat to your operational continuity. Isolate these devices from public networks immediately and prioritize vendor patches. Audit your OT network for any unauthorized access attempts or unusual traffic patterns to these specific devices.
Related ATT&CK Techniques
🛡️ Detection Rules
1 rule · 6 SIEM formats1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-1952 - Delta AS320T Undocumented Subfunction DoS
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-1952 | DoS | Delta Electronics AS320T |
| CVE-2026-1952 | DoS | undocumented subfunction vulnerability |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 24, 2026 at 10:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-4078 — Cross-Site Scripting (XSS)
CVE-2026-4078 — The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to...
CVE-2026-3569 — The Liaison Site Prober plugin for WordPress is vulnerable
CVE-2026-3569 — The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs...
CVE-2026-3565 — The Taqnix plugin for WordPress is vulnerable to Cross-Site
CVE-2026-3565 — The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to...