CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-12818

criticalcovered by 2 sourcesfirst seen 2026-06-30
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. The following versions of Delta Electronics DVP12SE PLC are affected: DVP12SE PLC vers:all/* (CVE-2026-12819, CVE-2026-12818) CVSS Vendor Equipment Vulnerabilities v3 9.8 Delta Electronics Delta Electronics DVP12SE PLC Missing Authentication for Critical Function, Allocation of Resources Without Limits or Throttling Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Taiwan Vulnerabilities Expand All + CVE-2026-12819 The Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. The device accepts Modbus commands from any reachable network source without requiring credentials, privilege validation, or operator approval, allowing unauthorized read and write access to coils, holding registers, operational memory, relay states, and process control functions. View CVE Details Affected Products Delta Electronics DVP12SE PLC Vendor: Delta Electronics Product Version: Delta Electronics DVP12SE PLC: vers:all/* Product Status: known_affected Remediations Mitigation Delta Electronics is aware of these vulnerabilities and is currently working on a fix. Mitigation Delta Electronics recommends users apply the following workarounds: Mitigation Enable the IP Filter feature: Configure and enable the PLC's built-in IP Filter function via the programming software. Restrict access exclusively to the IP addresses of trusted devices (such as designated HMI panels or SCADA hosts) to block unauthorized network access.Set up PLC password protection: Enable password protection for the PLC within the programming software to e

CSIRTS triage

What
Exploitation could allow remote command issuance and modification of operational values without authentication.
Who is affected
Users of DVP12SE PLC devices.
Urgency
Remediation is critical due to the high risk of exploitation.
Action
Implement security measures and updates as soon as possible.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-12818

Get an email if CVE-2026-12818 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-12818

CVE.org record

Embed the live status

CVE-2026-12818 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-12818 status](https://www.csirts.com/badge/CVE-2026-12818)](https://www.csirts.com/cve/CVE-2026-12818)