CVE-2026-12818
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| deltaww | DVP-12SE | * | affected |
Weaknesses
- CWE-770: CWE-770 Allocation of resources without limits or throttling
Workarounds
Users are recommended to take the following mitigation measures:
Enable the IP Filter feature: Configure and enable the PLC's built-in IP Filter function via the programming software. Restrict access exclusively to the IP addresses of trusted devices (such as designated HMI panels or SCADA hosts) to block unauthorized network access.
Set up PLC password protection: Enable password protection for the PLC within the programming software to ensure the device's core control logic and parameters cannot be easily downloaded, overwritten, or tampered with.
Implement network isolation and firewall protection: Deploy the PLC within an independent local area network (OT control network) secured by a firewall. Never connect the device directly to the office network or the Internet. If remote access is required, enforce the use of a secure, authorized VPN tunnel.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.