| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-12818 | 9.8 | critical |
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service. A remote attacker could exploit this vulnerability by flooding the Modbus port (TCP/502) with a continuous stream of raw network packets or specially crafted and malformed packets.
|
| CVE-2026-12819 | 9.8 | critical |
The Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. The device accepts Modbus commands from any reachable network source without requiring credentials, privilege validation, or operator approval, allowing unauthorized read and write access to coils, holding registers, operational memory, relay states, and process control functions.
|
| Vendor | Product | Asset Type | Purdue Level | Firmware |
|---|---|---|---|---|
| Delta Electronics | Unknown | plc |
L1
|
-- |