Skip to main content

Dvp 12Se

2 CVEs product

Monthly

CVE-2026-12819 CRITICAL CISA Act Now

Unauthenticated Modbus TCP exposure on the Delta Electronics DVP12SE programmable logic controller lets any network-reachable attacker invoke security-sensitive PLC functions - reading and writing process registers, coils, and configuration - with no credentials or access control. The flaw (CWE-306, Missing Authentication for a Critical Function) carries a CVSS 4.0 base of 9.3 and is documented in Delta advisory PCSA-2026-00011 alongside CVE-2026-12818. There is no public exploit identified at time of analysis and no CISA KEV listing, but the Modbus protocol is trivially scriptable and well understood, lowering the practical exploitation bar.

Authentication Bypass Dvp 12Se
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-12818 CRITICAL CISA Act Now

Resource exhaustion in Delta Electronics DVP12SE programmable logic controllers lets remote attackers crash or hang the device by overwhelming its Modbus TCP service, which lacks connection/resource throttling (CWE-770). Any host able to reach the PLC's Modbus TCP port can degrade or deny control of the affected industrial process. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the unauthenticated network attack surface makes it a meaningful availability risk in OT environments.

Denial Of Service Dvp 12Se
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated Modbus TCP exposure on the Delta Electronics DVP12SE programmable logic controller lets any network-reachable attacker invoke security-sensitive PLC functions - reading and writing process registers, coils, and configuration - with no credentials or access control. The flaw (CWE-306, Missing Authentication for a Critical Function) carries a CVSS 4.0 base of 9.3 and is documented in Delta advisory PCSA-2026-00011 alongside CVE-2026-12818. There is no public exploit identified at time of analysis and no CISA KEV listing, but the Modbus protocol is trivially scriptable and well understood, lowering the practical exploitation bar.

Authentication Bypass Dvp 12Se
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Resource exhaustion in Delta Electronics DVP12SE programmable logic controllers lets remote attackers crash or hang the device by overwhelming its Modbus TCP service, which lacks connection/resource throttling (CWE-770). Any host able to reach the PLC's Modbus TCP port can degrade or deny control of the affected industrial process. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the unauthenticated network attack surface makes it a meaningful availability risk in OT environments.

Denial Of Service Dvp 12Se
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy