CVE-2026-12819
Received Received - Intake

Unauthenticated Modbus TCP Access in Delta DVP12SE PLC

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: Deltaww

Description
Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-30
Last Modified
2026-06-30
Generated
2026-06-30
AI Q&A
2026-06-30
EPSS Evaluated
N/A
NVD
CVE-2026-12819
EUVD
EUVD-2026-40258

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Delta Electronics DVP12SE Programmable Logic Controller (PLC) exposing a Modbus TCP service on a specified port without any authentication or access control.

Because of this lack of security measures, an attacker can interact with security-sensitive functions of the PLC without needing to authenticate, potentially allowing unauthorized control or manipulation.

Impact Analysis

The vulnerability can have severe impacts because it allows unauthenticated users to access and interact with critical PLC functions.

  • Unauthorized control or manipulation of industrial processes controlled by the PLC.
  • Potential disruption of operations or safety mechanisms.
  • High risk of causing significant damage or downtime due to the high severity score (CVSS 9.3).

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12819. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart