CVE Catalog

CVE-2026-12819

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

Delta Electronics DVP12SE PLC exposes a Modbus TCP service without authentication or access control, allowing unauthenticated attackers to interact with security-sensitive PLC functions.

Risk Assessment

The organization is at risk of unauthorized modifications to PLC parameters, potentially causing industrial process disruptions, equipment damage, or personnel safety hazards.

Recommendation

Immediately implement authentication and access control for the Modbus TCP service, and restrict network access to the PLC using firewalls and OT network segmentation.

Original NVD description (English source)

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS