CVE-2026-12819

CRITICAL

DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-12819. PoCs published by HermesNA-1.

AI-analyzed exploit summary The repository contains an auto-generated stub module for CVE-2026-12819, an authentication bypass vulnerability in Delta Electronics DVP12SE PLC's Modbus TCP service. The code includes placeholder logic for probing the target but lacks actual exploit implementation for unauthenticated interaction with PLC functions.

Description

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-12819_delta_electronics_dvp12se.py

The repository contains an auto-generated stub module for CVE-2026-12819, an authentication bypass vulnerability in Delta Electronics DVP12SE PLC's Modbus TCP service. The code includes placeholder logic for probing the target but lacks actual exploit implementation for unauthenticated interaction with PLC functions.

Classification
Stub 98%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Delta Electronics DVP12SE PLC
No auth needed
Prerequisites: Network access to the PLC's Modbus TCP port · Knowledge of Modbus protocol commands for the target device
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

Scores

CVSS v4 9.3
EPSS 0.0031
EPSS Percentile 23.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (1)
deltaww/DVP-12SE
Published Jun 30, 2026
Tracked Since Jun 30, 2026