CVE-2026-12819: DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability
Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a missing authentication vulnerability in the Delta Electronics DVP-12SE programmable logic controller (PLC). The device exposes a Modbus TCP service over the network with no authentication or access control, meaning any network-reachable host can issue commands directly to security-sensitive PLC functions without credentials. Successful exploitation gives an attacker full read access to process data, the ability to write arbitrary values to PLC outputs and registers, and the ability to disrupt or halt physical operations controlled by the device. HarborGuard is tracking the upstream advisory for patch availability and will make a patched-image rebuild available the moment a fix is published.
HarborGuard Coverage
Detection of CVE-2026-12819 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle DVP-12SE firmware or Modbus-adjacent components. Coverage applies to images in both registry scans and active CI/CD pipeline checks.
Available
Triage is available using the CVSS v4.0 score of 9.3 (Critical), weighted further against each customer environment's compliance policy to reflect operational technology (OT) sensitivity and network exposure rules. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership and severity thresholds.
Available
Because no fix version has been published by Delta Electronics, HarborGuard re-checks the upstream advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered without requiring manual intervention once a patch exists.
Pending upstream
Exploit Conditions
- Network reachability: Required
  The Modbus TCP service is exposed over the network, so an attacker must be able to reach the device's port from a network-connected host.
- Authentication: Not required
  The service has no authentication or access control, so no credentials of any privilege level are needed to interact with PLC functions.
- Victim interaction: Not required
  Exploitation is entirely attacker-driven; no action from an operator or user of the device is required.
- Attack complexity: Detail
  The exploit is reliable and condition-free, requiring no race conditions, memory layout knowledge, or other environmental factors to succeed.
Blast Radius
- Reads live process data and internal register values from the PLC, exposing operational state and sensor readings.
- Writes arbitrary values to PLC outputs and memory registers, directly manipulating connected physical equipment or processes.
- Halts or disrupts PLC execution, causing loss of control over whatever physical process the device manages.
- Provides a foothold to map and potentially pivot to other devices on the same industrial control network.
How HarborGuard Handles This
Available on HarborGuard: scanning for CVE-2026-12819 is active across all connected registries and pipelines, matching against any image that includes DVP-12SE firmware layers or Modbus TCP service components. Because Delta Electronics has not yet published a fix, no patched-image rebuild is available at this time. HarborGuard re-evaluates the upstream advisory on every ingest cycle and will trigger the rebuild-and-PR flow automatically for customers with auto-remediation enabled the moment a fix version is released. In the interim, compensating controls to consider include network-policy isolation to restrict which hosts can reach the Modbus TCP port, egress filtering at the segment boundary to prevent lateral movement from a compromised PLC, and feature-flag or firewall gating to disable external Modbus TCP access where operational requirements permit. Customers should review the CNA advisory from Deltaww directly for any interim mitigations issued outside of a formal fix version.
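One way to verify the network-isolation control described above, as an added example that is not HarborGuard or Delta Electronics code: it parses captured Modbus TCP requests and reports write function codes arriving from hosts outside an allowlist. The allowlist, addresses and sample frames are constructed, and each captured payload is assumed to hold exactly one request.

```python
import struct
from ipaddress import ip_address, ip_network

# Standard Modbus function codes that modify coils or registers.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
                   0x16: "Mask Write Register", 0x17: "Read/Write Multiple Registers"}

def parse_request(payload: bytes):
    """Parse one Modbus TCP request: 7-byte MBAP header followed by the PDU.
    Returns (transaction_id, unit_id, function_code) or None if malformed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0 for Modbus; length counts the unit id plus PDU bytes.
    if proto != 0 or length < 2 or length != len(payload) - 6:
        return None
    return tid, unit, payload[7]

def audit(events, allowed_writers):
    """events: iterable of (source_ip, tcp_payload). Returns a list of findings."""
    nets = [ip_network(n) for n in allowed_writers]
    findings = []
    for src, payload in events:
        parsed = parse_request(payload)
        if parsed is None:
            findings.append((src, "malformed", None))
            continue
        _, _, fc = parsed
        # Reads are not reported here; only state-changing requests from unlisted hosts.
        if fc in WRITE_FUNCTIONS and not any(ip_address(src) in n for n in nets):
            findings.append((src, "unauthorized-write", WRITE_FUNCTIONS[fc]))
    return findings

# Constructed sample traffic (addresses and values are made up for illustration).
SAMPLE = [
    ("10.20.0.5",  bytes.fromhex("000100000006010300000002")),  # read holding registers
    ("10.20.0.5",  bytes.fromhex("000200000006010600010001")),  # write from allowlisted host
    ("10.99.7.44", bytes.fromhex("00030000000601050000ff00")),  # write from unlisted host
    ("10.99.7.44", bytes.fromhex("0004000100060103")),          # bad protocol id and length
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, allowed_writers=["10.20.0.0/28"]):
        print(finding)
```

Any `unauthorized-write` finding means the segment boundary is passing write traffic that the isolation policy was meant to block.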
- deltaww / DVP-12SE*
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N