CVE-2025-62578
📋 TL;DR
The DVP-12SE programmable logic controller transmits sensitive information in cleartext over Modbus/TCP, allowing attackers on the same network to intercept and read data. This affects industrial control systems using Delta Electronics DVP-12SE devices with Modbus/TCP enabled.
💻 Affected Systems
- Delta Electronics DVP-12SE Programmable Logic Controller
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept sensitive industrial process data, modify control commands, or cause physical damage to equipment by manipulating cleartext transmissions.
Likely Case
Unauthorized monitoring of industrial process data, potential data theft, and reconnaissance for further attacks.
If Mitigated
With proper segmentation, exposure is limited to the internal network; external attackers cannot access the cleartext data.
🎯 Exploit Status
Exploitation requires network access to the Modbus/TCP port (default 502) and the ability to sniff or intercept traffic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00021_DVP-12SE%20ModbusTCP%20Cleartext%20Transmission%20of%20Sensitive%20Info.pdf
Restart Required: No
Instructions:
No firmware patch available. Implement network-level controls and workarounds as described in vendor advisory.
🔧 Temporary Workarounds
Network Segmentation
Isolate DVP-12SE devices in separate VLANs with strict firewall rules limiting Modbus/TCP access.
VPN Tunnel
Encrypt Modbus/TCP traffic using site-to-site VPN between PLC and SCADA systems.
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with DVP-12SE on port 502.
- Deploy network monitoring and intrusion detection specifically for Modbus/TCP traffic anomalies.
🔍 How to Verify
Check if Vulnerable:
Use network sniffing tools (Wireshark, tcpdump) on the same network segment as DVP-12SE to capture Modbus/TCP traffic on port 502 and check for cleartext data.
Check Version:
Check device firmware version through Delta programming software or device web interface if available.
Verify Fix Applied:
Verify network segmentation prevents unauthorized access to port 502 and that VPN encryption is properly implemented for Modbus traffic.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized connection attempts to port 502
- Multiple failed Modbus function code requests
Network Indicators:
- Unencrypted Modbus/TCP traffic to/from DVP-12SE devices
- Port scanning activity targeting port 502
SIEM Query:
(source_port:502 OR dest_port:502) AND (protocol:"modbus" OR protocol:"tcp")
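Added example (not from the vendor advisory or this page's source): Python monitoring logic for the indicators above. It decodes Modbus/TCP frames taken from a port-502 capture and reports which register values are readable in cleartext, which clients fall outside an allowlist, and which clients trigger repeated exception responses. The IP addresses, the threshold and the frames are constructed for illustration.

```python
import struct
from collections import Counter

ALLOWED_CLIENTS = {"10.10.5.20"}  # assumption: the only SCADA host allowed on port 502
EXCEPTION_THRESHOLD = 3           # assumption: alert at this many exception responses

# Constructed frames: read-registers request, its response, and an exception response.
REQ = bytes.fromhex("000100000006010300000002")
RESP = bytes.fromhex("00010000000701030400fa01f4")
EXC = bytes.fromhex("000200000003018302")
SAMPLE = [("10.10.5.20", False, REQ), ("10.10.5.20", True, RESP)] + \
         [("10.10.5.77", True, EXC)] * 3

def parse_adu(payload):
    """Decode one Modbus/TCP frame: 7-byte MBAP header, then function code and data."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:  # protocol id 0; length = unit id + PDU
        return None
    func, data = payload[7], payload[8:]
    return {"tid": tid, "unit": unit, "function": func & 0x7F,
            "exception": data[0] if func & 0x80 and data else None, "data": data}

def read_registers(adu):
    """Register values from a Read Holding/Input Registers response (function 3 or 4)."""
    data = adu["data"]
    if adu["function"] not in (3, 4) or adu["exception"] is not None or not data:
        return []
    count = data[0] // 2
    if len(data) != 1 + 2 * count:
        return []
    return list(struct.unpack(f">{count}H", data[1:]))

def analyse(events):
    """events: (client_ip, is_response, payload) tuples taken from a port-502 capture."""
    unauthorized, exceptions, exposed = set(), Counter(), []
    for client, is_response, payload in events:
        adu = parse_adu(payload)
        if adu is None:
            continue
        if client not in ALLOWED_CLIENTS:
            unauthorized.add(client)
        if is_response and adu["exception"] is not None:
            exceptions[client] += 1          # failed function code request
        elif is_response and read_registers(adu):
            exposed.append((client, read_registers(adu)))  # readable without any key
    noisy = {c for c, n in exceptions.items() if n >= EXCEPTION_THRESHOLD}
    return {"unauthorized": unauthorized, "noisy": noisy, "exposed": exposed}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

In a real deployment the event tuples would come from a capture on a mirror port or an IDS sensor next to the PLC segment.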