Critical Vulnerabilities in Delta Electronics PLCs Expose Industrial Control Systems to Remote Exploitation
Critical vulnerabilities have been identified in **Delta Electronics DVP12SE PLCs**, exposing industrial control systems to severe risks. Successful exploitation could allow unauthenticated attackers to remotely issue commands, modify operational values, and interfere with control logic, potentially disrupting critical manufacturing processes worldwide.
Cybersecurity researchers have uncovered two significant vulnerabilities, **CVE-2026-12819** and **CVE-2026-12818**, affecting **Delta Electronics DVP12SE Programmable Logic Controllers (PLCs)**. These flaws present a substantial threat to critical manufacturing sectors globally, given the widespread deployment of these devices.
### Unauthenticated Access to Critical Functions
**CVE-2026-12819** stems from a missing authentication mechanism within the **Delta Electronics DVP12SE PLC's** Modbus TCP service. The device, by default, exposes this service without any authentication or access control, allowing unauthenticated interaction with highly sensitive PLC functions. This means any attacker with network access can send Modbus commands to the device without credentials or privilege validation, gaining unauthorized read and write access to coils, holding registers, operational memory, relay states, and process control functions. This vulnerability carries a CVSS v3 score of 9.8, indicating critical severity.
### Resource Exhaustion via Modbus TCP
The second vulnerability, **CVE-2026-12818**, is a resource allocation flaw without limits or throttling (**CWE-770**) in the **DVP12SE PLC's** Modbus TCP service. A remote attacker could exploit this by flooding the Modbus port (TCP/502) with a continuous stream of raw network packets or specially crafted malformed packets. This could lead to a denial-of-service condition, disrupting the PLC's operation and potentially impacting connected industrial processes.
### Affected Products
All versions of the **Delta Electronics DVP12SE PLC** are currently listed as affected by both **CVE-2026-12819** and **CVE-2026-12818**.
### Acknowledgments
These vulnerabilities were reported to **CISA** by **Adm Bin Harbi (0xnoag)** of **Corvo Security**.
### Recommended Practices for Mitigation
**CISA** strongly recommends that organizations implement defensive measures to mitigate the risk of exploitation. Key recommendations include:
* **Minimize Network Exposure:** Ensure all control system devices and systems are not directly accessible from the internet.
* **Network Segmentation:** Isolate control system networks and remote devices behind firewalls and separate them from business networks.
* **Secure Remote Access:** When remote access is necessary, utilize secure methods such as Virtual Private Networks (VPNs). Organizations should ensure VPNs are updated to the latest versions and recognize that their security is contingent on the security of connected devices.
* **Impact Analysis and Risk Assessment:** Conduct thorough impact analysis and risk assessments before deploying any defensive measures.
* **Implement Cybersecurity Strategies:** Adhere to recommended cybersecurity strategies for the proactive defense of ICS assets, including defense-in-depth methodologies.
* **Report Malicious Activity:** Organizations observing suspected malicious activity should follow internal procedures and report findings to **CISA** for tracking and correlation.
Additionally, **CISA** advises users to protect themselves from social engineering attacks by not clicking web links or opening attachments in unsolicited email messages. More information on avoiding email scams and social engineering attacks is available through **CISA's** resources.
At the time of this report, **CISA** has not received any reports of public exploitation specifically targeting these vulnerabilities.