• News
  • Positive Technologies helps fix vulnerabilities in Delta Electronics controllers
News

Positive Technologies helps fix vulnerabilities in Delta Electronics controllers

During a recent security study, PT SWARM experts Sergey Fedonin and Ivan Kurnakov, assisted by Vladimir Nazarov, uncovered four critical vulnerabilities in Delta Electronics AS300 series PLCs.1 If exploited, these flaws could allow an attacker to halt production processes, disrupt expensive machinery, and cause industrial accidents, ultimately leading to severe financial and reputational damage. The manufacturer was notified of the cyberthreat in accordance with responsible disclosure guidelines and has since released a firmware update to secure the devices.

According to Fortune Business Insights, Delta Electronics is one of the world's leading PLC manufacturers. The AS series controllers are widely used to manage industrial automation equipment across various sectors, including electronics and textile manufacturing, as well as food packaging and labeling.
 

1 Programmable logic controllers (PLCs) are essential components of industrial control systems (ICS) used to automate complex industrial processes.

AS300 series PLCs running firmware versions 1.14 and earlier were affected by vulnerabilities PT‑2026‑348532, PT‑2026‑34858, and PT‑2026‑34860 (CVE‑2026‑1949, CVE‑2026‑1950, and CVE‑2026‑1952; BDU: 2025‑08818, BDU: 2025‑08819, BDU: 2025‑08821). Meanwhile, the security flaw PT‑2026‑34859 (CVE‑2026‑1951; BDU: 2025‑08820) impacted controllers on firmware version 1.10 and earlier. These discovered vulnerabilities were assigned a CVSS 3.1 score of 9.8 out of 10, indicating a critical severity level. If successfully exploited, PT-2026-34853, PT-2026-34858, or PT-2026-34859 would allow an attacker to execute arbitrary code on the PLC and seize full control of the device. This could lead to unauthorized configuration changes and severe operational disruptions. Furthermore, by exploiting PT-2026-34860, an attacker could completely halt the PLC, thereby stopping the entire industrial process.

2 The vulnerabilities have been registered on the dbugs portal, which aggregates data on vulnerabilities in software and hardware from vendors around the world.

"To exploit these security flaws, an attacker would only require network access to the Delta Electronics AS300 series PLCs. The subsequent steps would depend on the attacker's skill level. For instance, the attacker could leverage the vulnerabilities to gain administrator privileges on the controller and delete the control logic required to manage the industrial process. A more sophisticated cybercriminal could issue unauthorized commands to lower-level ICS field devices connected to the controller, spoof sensor readings, or alter the threshold values that trigger safety alarms and protections. Such malicious activities could easily cause a severe industrial accident."

Vladimir Nazarov
Vladimir NazarovHead of Industrial Control Systems Security at Positive Technologies

"At Delta Electronics, we place the highest priority on the security of our industrial automation solutions. We appreciate the professional collaboration with the Positive Technologies team. In response to the identified vulnerabilities in the AS300 series PLCs, we have released a security firmware update and strongly recommend that customers apply it through our authorized channels to ensure the continued safety and stability of their production environments."

Delta Electronics
Delta Electronics

Affected customers are advised to contact their local authorized distributors or Delta's regional technical support teams to obtain the v1.16 firmware update and receive professional installation assistance. To mitigate the risks, organizations are advised to restrict PLC access from external and corporate networks, deploy firewalls, and implement solutions for monitoring operational technology (OT) network traffic and detecting anomalies.

The PT ISIM industrial cyber resilience system already detects all the identified vulnerabilities; the corresponding rules were added to the product during the latest update of the PT ISTI expert knowledge base. Advanced NTA/NDR solutions, such as PT Network Attack Discovery (PT NAD), detect attempts to exploit these vulnerabilities, while NGFW solutions, like PT NGFW, can actively block them.
 

Previously, in late 2025, Positive Technologies experts Maxim Gruzin,3 Ilya Bubliy, Konstantin Maksimov, Ivan Tarakanov, and Ilya Rogachev helped remediate vulnerabilities PT‑2025‑40257 through PT‑2025‑40265 in Fastwel PLCs. Successful exploitation of these flaws could have disrupted the operation of the controlled industrial equipment.

For up-to-date security information, visit the dbugs portal, which aggregates vulnerability data and vendor recommendations for software and hardware from vendors around the world.

3 At the time the vulnerabilities were discovered in 2025.