CVE-2025-62578
Cleartext Transmission Vulnerability in DVP-12SE Modbus/TCP Protocol
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: Deltaww
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| delta_electronics | dvp-12se | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves cleartext transmission of sensitive information over Modbus/TCP, which exposes data to interception and potential exploitation. This lack of encryption and protection of sensitive data could lead to non-compliance with common standards and regulations such as GDPR and HIPAA, which require safeguarding sensitive information during transmission. However, no explicit mention of compliance impact is provided in the resources. Users are advised to implement network-level mitigations to reduce risk. [1]
Can you explain this vulnerability to me?
CVE-2025-62578 is a vulnerability in the Delta Electronics DVP-12SE device where sensitive information is transmitted in cleartext over the Modbus/TCP protocol. This means that data sent between devices is not encrypted, making it possible for attackers to intercept and access sensitive information during communication. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized interception and exposure of sensitive information transmitted by the DVP-12SE device. Attackers could exploit this to gain insights into control system operations, potentially leading to operational disruptions, data breaches, or further attacks on industrial control systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring Modbus/TCP traffic on your network for cleartext transmission of sensitive information. You can use network packet capture tools such as Wireshark or tcpdump to inspect Modbus/TCP packets. For example, using tcpdump: `tcpdump -i <interface> port 502` to capture Modbus/TCP traffic and analyze if sensitive data is transmitted unencrypted. Additionally, industrial firewalls can be configured to monitor and log Modbus/TCP traffic for suspicious activity. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Utilizing the productβs built-in IP whitelisting feature to restrict Modbus/TCP access only to trusted client IP addresses. 2) Implementing network segmentation to isolate the DVP-12SE device within a highly segregated network zone. 3) Employing industrial firewalls to monitor and control Modbus/TCP traffic. Additionally, avoid exposing control systems to the internet, place systems behind firewalls, isolate them from business networks, and use secure remote access methods such as VPNs when remote access is necessary. Note that no patch or workaround is currently available. [1]