Description
Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service.
Published: 2026-06-30
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A resource allocation flaw with no limits or throttling in the Modbus TCP service of the Delta Electronics DVP-12SE PLCs means that an attacker can send a large amount of requests and exhaust CPU, memory, or other critical resources, resulting in a loss of availability for the device and any processes that depend on it. The vulnerability is classified as CWE-770, a resource exhaustion weakness. The flaw can be leveraged from a remote network connection to the Modbus port, potentially disrupting operational control systems.

Affected Systems

Delta Electronics DVP-12SE programmable logic controllers are affected. No specific firmware or product versions were disclosed, so the issue likely applies to all releases that include the Modbus TCP service.

Risk and Exploitability

The CVSS base score of 9.3 indicates a high severity risk. Although the EPSS score is not available, the absence of a set throttling limit suggests that exploitation is straightforward for an attacker. The likely attack vector is inferred from the description to be a flood of Modbus TCP requests sent over an external network connection to the PLC’s Modbus port, potentially exhausting device resources and causing a denial of service. The vulnerability is not listed in the CISA KEV catalog, but the high CVSS and inferred ease of exploitation mean that immediate mitigation is advisable.

Generated by OpenCVE AI on June 30, 2026 at 08:51 UTC.

Remediation

Vendor Workaround

Users are recommended to take the following mitigation measures: * Enable the IP Filter feature: Configure and enable the PLC's built-in IP Filter function via the programming software. Restrict access exclusively to the IP addresses of trusted devices (such as designated HMI panels or SCADA hosts) to block unauthorized network access. * Set up PLC password protection: Enable password protection for the PLC within the programming software to ensure the device's core control logic and parameters cannot be easily downloaded, overwritten, or tampered with. * Implement network isolation and firewall protection: Deploy the PLC within an independent local area network (OT control network) secured by a firewall. Never connect the device directly to the office network or the Internet. If remote access is required, enforce the use of a secure, authorized VPN tunnel.

OpenCVE Recommended Actions

  • Enable the PLC’s built‑in IP filter, restricting access to known HMI and SCADA IP addresses
  • Turn on password protection in the PLC programming software to prevent unauthorized download or modification of logic
  • Deploy the PLC on an isolated OT local area network protected by a firewall and never connect it directly to corporate or public networks
  • If remote access is required, enforce a secure, authorized VPN tunnel for any external connections

Generated by OpenCVE AI on June 30, 2026 at 08:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 30 Jun 2026 07:15:00 +0000

Type Values Removed Values Added
Description Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service.
Title DVP-12SE Exposure of Sensitive Information Vulnerability
First Time appeared Deltaww
Deltaww dvp-12se
Weaknesses CWE-770
CPEs cpe:2.3:a:deltaww:dvp-12se:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww dvp-12se
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Deltaww Dvp-12se
cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-06-30T12:55:02.858Z

Reserved: 2026-06-21T10:18:09.710Z

Link: CVE-2026-12818

cve-icon Vulnrichment

Updated: 2026-06-30T12:54:59.255Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T13:15:05Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling