CISA 2026-06-30

Delta Electronics DVP12SE PLC

Machine-generated analysis · WAYSCloud LLM

The advisory states that all versions of the Delta Electronics DVP12SE PLC are affected by vulnerabilities allowing unauthenticated remote access to critical control functions via Modbus TCP.

Context

The Delta Electronics DVP12SE PLC is a programmable logic controller used in industrial environments. The advisory states that it exposes a Modbus TCP service without authentication, enabling unauthenticated read and write access to critical operational functions. This affects all product versions, with no patch currently available. The vendor has recommended using the built-in IP filter and enabling password protection as mitigations.

Operator considerations

Check: Identify all instances of Delta Electronics DVP12SE PLC in the network.
Isolate: Restrict network access to the PLC using firewalls or VLANs.
Patch: No patch is available; monitor vendor updates for a fix.
Log: Monitor Modbus TCP traffic to and from the PLC for unauthorized access attempts.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement.

The following versions of Delta Electronics DVP12SE PLC are affected:

DVP12SE PLC vers:all/* (CVE-2026-12819, CVE-2026-12818)

Vendor

Equipment

Delta Electronics

Delta Electronics DVP12SE PLC

Missing Authentication for Critical Function, Allocation of Resources Without Limits or Throttling

Critical Infrastructure Sectors: Critical Manufacturing

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Taiwan

The Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. The device accepts Modbus co...

Read the full advisory on CISA →