Critical Delta PLC Vulnerabilities Spotlight Operational Risk for Industrial Control Systems

What happened

Security researchers from OPSWAT’s Unit 515 have disclosed four significant vulnerabilities in the Delta Electronics DVP-12SE11T programmable logic controller (PLC), a device widely used in industrial automation and control systems. Three of the flaws carry critical severity ratings (CVSS scores above 9.0), including authentication bypass and out-of-bounds memory write bugs that could allow unauthenticated attackers to manipulate device behavior or disrupt operations. Delta released firmware fixes in late December 2025 to address these issues after responsible disclosure and coordination with researchers.

Who is affected

Operators across sectors that deploy Delta DVP-12SE11T PLCs, such as water treatment, food and beverage processing, and other automated industrial environments, are directly affected. These controllers are deeply embedded in operational technology (OT) networks, and many sites may not be able to patch promptly due to uptime requirements. 

Why CISOs should care

PLCs directly control physical industrial processes; exploitation could result not just in data loss but physical process disruption or safety incidents. Loc Nguyen, Unit 515 penetration test team lead at OPSWAT, warns that compromised PLCs can create unsafe conditions or cause equipment damage if misused. Furthermore, state-level threat actors with OT access capabilities, such as those associated with Volt Typhoon, UNC3886, and APT41, may have the skills to reach these devices and attempt exploitation.

3 Practical Actions for CISOs

  1. Apply Delta’s firmware updates: Prioritize upgrading impacted PLCs to firmware version 2.16 or later where operationally feasible, and test patches in staging environments first to reduce the risk of disruption.
  2. Harden OT network segmentation: Ensure PLCs are isolated from corporate and internet-facing networks via firewalls and strict access controls; use VPNs or secure remote access tools if connectivity is needed. 
  3. Monitor and detect anomalies: Implement continuous OT monitoring for unusual network activity or attempts to communicate with these PLCs, and integrate CVE scanning into vulnerability management to spot future issues early.
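
The first two actions can be turned into a repeatable inventory check. The following is an added example, not code from the article, OPSWAT or Delta: it triages an asset list for DVP-12SE11T units below firmware 2.16 and raises priority for units outside an isolated OT zone. The CSV columns, zone labels, action labels and the `major.minor` version format are assumptions.

```python
import csv
import io

MODEL = "DVP-12SE11T"      # affected model named in the article
FIXED = (2, 16)            # fixed firmware version named in the article

# Constructed sample inventory; column names and zone labels are assumptions.
SAMPLE_INVENTORY = """asset,model,firmware,zone
plc-water-01,DVP-12SE11T,2.14,ot-isolated
plc-water-02,DVP-12SE11T,V2.16,ot-isolated
plc-pack-07,DVP-12SE11T,2.10,corp-routable
plc-pack-08,DVP-12SE11T,,ot-isolated
plc-mix-03,DVP-14SS2,1.98,corp-routable
"""

def parse_version(text):
    """Return (major, minor) or None when the field is empty or malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[1])

def triage(inventory_csv):
    """Map each affected asset to an action; other models are skipped."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != MODEL:
            continue
        version = parse_version(row["firmware"])
        isolated = row["zone"].strip() == "ot-isolated"
        if version is None:
            action = "verify-firmware"      # unknown is not the same as patched
        elif version >= FIXED:
            action = "ok"
        elif isolated:
            action = "patch-scheduled"
        else:
            action = "patch-urgent"         # unpatched and outside the isolated zone
        result[row["asset"]] = action
    return result

if __name__ == "__main__":
    for asset, action in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {action}")
```

Units with a missing or unparseable firmware field are reported separately so they are not counted as patched.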