CVE-2025-15102 - Vulnerability Details - OpenCVE

DVP-12SE11T - Password Protection Bypass

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security. We recommend that users take the following security precautions: > Utilize the Product's IP Whitelisting Feature: Employ the device's built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses. > Implement Network Segmentation: Ensure the product is placed within a highly segregated zone > Utilize industrial firewalls to monitor Modbus/TCP traffic

Workaround

No workaround given by the vendor.

References

Link	Providers
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf

History

Tue, 30 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 30 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description		DVP-12SE11T - Password Protection Bypass
Title		DVP-12SE11T - Password Protection Bypass
Weaknesses		CWE-288
References		https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Deltaww

Published: 2025-12-30T08:48:31.567Z

Updated: 2025-12-30T15:57:12.209Z

Reserved: 2025-12-26T03:25:49.157Z

Link: CVE-2025-15102

Vulnrichment

Updated: 2025-12-30T15:55:49.852Z

NVD

Status : Received

Published: 2025-12-30T09:15:52.157

Modified: 2025-12-30T09:15:52.157

Link: CVE-2025-15102

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-288

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15102", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "state": "PUBLISHED", "assignerShortName": "Deltaww", "dateReserved": "2025-12-26T03:25:49.157Z", "datePublished": "2025-12-30T08:48:31.567Z", "dateUpdated": "2025-12-30T15:57:12.209Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DVP-12SE11T", "vendor": "Delta Electronics", "versions": [{"lessThan": "2.16", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"}], "datePublic": "2025-12-30T08:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "DVP-12SE11T - Password Protection Bypass<br>"}], "value": "DVP-12SE11T - Password Protection Bypass"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-12-30T08:48:31.567Z"}, "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.<br>We recommend that users take the following security precautions:<br>> Utilize the Product's IP Whitelisting Feature: Employ the device's built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.<br>> Implement Network Segmentation: Ensure the product is placed within a highly segregated zone<br>> Utilize industrial firewalls to monitor Modbus/TCP traffic<br>"}], "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\nWe recommend that users take the following security precautions:\n> Utilize the Product's IP Whitelisting Feature: Employ the device's built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\n> Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\n> Utilize industrial firewalls to monitor Modbus/TCP traffic"}], "source": {"discovery": "EXTERNAL"}, "title": "DVP-12SE11T - Password Protection Bypass", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-30T13:47:30.681140Z", "id": "CVE-2025-15102", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T15:57:12.209Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15102", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-30T13:47:30.681140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T15:55:49.852Z"}}], "cna": {"title": "DVP-12SE11T - Password Protection Bypass", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delta Electronics", "product": "DVP-12SE11T", "versions": [{"status": "affected", "version": "0", "lessThan": "2.16", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.\nWe recommend that users take the following security precautions:\n> Utilize the Product's IP Whitelisting Feature: Employ the device's built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.\n> Implement Network Segmentation: Ensure the product is placed within a highly segregated zone\n> Utilize industrial firewalls to monitor Modbus/TCP traffic", "supportingMedia": [{"type": "text/html", "value": "Users are advised to implement robust network-level countermeasures in accordance with industry best practices for security.<br>We recommend that users take the following security precautions:<br>> Utilize the Product's IP Whitelisting Feature: Employ the device's built-in IP whitelisting function to restrict Modbus/TCP access solely to known, trusted client IP addresses.<br>> Implement Network Segmentation: Ensure the product is placed within a highly segregated zone<br>> Utilize industrial firewalls to monitor Modbus/TCP traffic<br>", "base64": false}]}], "datePublic": "2025-12-30T08:30:00.000Z", "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "DVP-12SE11T - Password Protection Bypass", "supportingMedia": [{"type": "text/html", "value": "DVP-12SE11T - Password Protection Bypass<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-12-30T08:48:31.567Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15102", "state": "PUBLISHED", "dateUpdated": "2025-12-30T15:57:12.209Z", "dateReserved": "2025-12-26T03:25:49.157Z", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "datePublished": "2025-12-30T08:48:31.567Z", "assignerShortName": "Deltaww"}, "dataVersion": "5.2"}