The password protection feature on Delta PLCs (e.g., DVP, AS, and AH series) is marketed as a means to "protect intellectual property" and "prevent unauthorized program modifications." Typically, a user sets an 8-character (or less) alphanumeric password via the ISPSoft or WPLSoft programming software. However, unlike IT systems, PLC password mechanisms are often implemented at the application layer of a proprietary or semi-standard industrial protocol, not as part of a robust security architecture. This paper investigates why this function fails against a motivated adversary.
[1] Delta Electronics, DVP-PLC User Manual (Programming) , 2019. [2] K. Stouffer, et al., Guide to Industrial Control Systems (ICS) Security , NIST SP 800-82 Rev. 2. [3] J. M. Moura, “Reverse Engineering Delta PLC Communication Protocol,” DEFCON 27 ICS Village , 2019. [4] IEC 62443-4-2: Security for IACS components. delta plc the password function is ineffective
As industrial control systems (ICS) adopt greater connectivity, the security of programmable logic controllers (PLCs) becomes paramount. Delta Electronics PLCs, widely used in automation, offer a built-in password protection function intended to prevent unauthorized access to logic and configuration. This paper critically evaluates the effectiveness of this function. Through a combination of vendor documentation analysis, reverse engineering of communication protocols (specifically Delta’s proprietary RS-485/Modbus variants and Ethernet commands), and practical attack modeling, we demonstrate that the password mechanism is fundamentally ineffective. It provides only a false sense of security, vulnerable to both trivial interception attacks and offline brute-force/cryptanalysis. We conclude that the function serves as an access hurdle rather than a true security boundary, recommending its deprecation in favor of modern, standards-based authentication. The password protection feature on Delta PLCs (e
The password function fails against three core security requirements: [1] Delta Electronics, DVP-PLC User Manual (Programming) ,
Beyond Obscurity: Analyzing the Ineffectiveness of the Password Protection Function in Delta PLCs as a Security Control
| Security Requirement | Delta PLC Implementation | Verdict | |----------------------|--------------------------|---------| | (Are you who you claim to be?) | Passes credential over wire in cleartext or weak obfuscation | Failed | | Authorization (Can you perform this action?) | No role separation; password unlocks full read/write | Failed | | Accounting (What did you do?) | No logging of failed/successful attempts | Failed |
We set up a test environment: a Delta DVP-14SS2 PLC (RS-232/RS-485) and a Delta AS228T (Ethernet). A password was set using ISPSoft.