CVE-2026-12819

Delta Electronics · DVP-12SE PLC

The Delta Electronics DVP-12SE Modbus TCP service lacks authentication, allowing unauthenticated attackers to interact with security-sensitive functions.

Executive summary

An unauthenticated access vulnerability in the Delta Electronics DVP-12SE PLC could allow unauthorized actors to manipulate critical industrial functions.

Vulnerability

The Modbus TCP service on the device operates without authentication or access control. This allows any unauthenticated entity with network access to the device to execute sensitive commands.

Business impact

With a CVSS score of 9.3, this flaw represents a significant risk to the integrity and safety of industrial operations. Unauthorized access could allow an attacker to modify PLC logic or state, potentially resulting in physical damage to equipment or hazardous process conditions.

Remediation

Immediate Action: Apply the latest firmware update provided by Delta Electronics to implement necessary authentication mechanisms.

Proactive Monitoring: Audit network traffic for unauthorized Modbus TCP connections and maintain rigorous logs of all interactions with the PLC.

Compensating Controls: Use a VPN or secure gateway to ensure that the PLC is not directly accessible over the public internet or untrusted segments of the internal network.
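
One way to carry out the traffic audit described under Proactive Monitoring, as an added example that is not part of the original advisory or any vendor tooling: it parses the Modbus TCP header of each captured payload and flags clients outside an allowlist, separating state-changing writes from reads. The allowlist address, the record format and the sample frames are constructed assumptions.

```python
import struct

# Assumption: only these engineering/SCADA hosts may talk Modbus to the PLC.
ALLOWED_CLIENTS = {"10.20.0.5"}
# Standard Modbus function codes that change device state.
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers",
               22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

def parse_mbap(payload: bytes):
    """Return (transaction_id, unit_id, function_code), or None if invalid.

    Assumes one Modbus TCP frame per record (no stream reassembly).
    """
    if len(payload) < 8:
        return None
    tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
    # Protocol id is always 0; length counts the unit id plus the PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return tid, unit, func

def audit(records, allowed=ALLOWED_CLIENTS):
    """records: iterable of (src_ip, tcp_payload). Returns a list of findings."""
    findings = []
    for src, payload in records:
        parsed = parse_mbap(payload)
        if parsed is None:
            findings.append((src, "malformed", "not a valid Modbus TCP frame"))
            continue
        _, _, func = parsed
        if src not in allowed:
            kind = "unauthorized-write" if func in WRITE_CODES else "unauthorized-client"
            findings.append((src, kind, WRITE_CODES.get(func, f"function {func}")))
    return findings

# Constructed sample traffic (not captured from a real device).
SAMPLE = [
    ("10.20.0.5", bytes.fromhex("000100000006010300000002")),   # allowed host, read
    ("10.20.0.77", bytes.fromhex("000200000006010300000002")),  # unknown host, read
    ("10.20.0.77", bytes.fromhex("00030000000601050001ff00")),  # unknown host, coil write
    ("10.20.0.5", bytes.fromhex("deadbeef")),                   # truncated, not Modbus
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Feeding it payloads exported from a span port or gateway log gives a per-source record of who read from and who wrote to the PLC.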

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

This vulnerability presents an extreme risk due to the lack of access control on sensitive industrial equipment. It is imperative to restrict network access to the device immediately and apply vendor-supplied updates to enforce proper authentication.