Description
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2:
11.02.05.10.02.
Published: 2026-06-17
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A network attacker can send traffic with very small HTTP headers to the Regesta Smart HD‑PLC web interface, a technique known as Slow Loris, causing the device to exhaust connection resources and become unresponsive. The flaw is a classic resource exhaustion vulnerability (CWE‑770), resulting in service denial for anyone attempting to access the device’s management interface. No data theft or privilege escalation is indicated in the description.

Affected Systems

The vulnerability affects Teldat’s Regesta Smart HD‑PLC TLDPH16D2 running software version 11.02.05.10.02. The vendor has released version 11.02.06.00.02, which removes the flaw. The device is identified by the CPE tag for Teldat Regesta Smart HD‑PLC TLDPH16D2 at the stated version.

Risk and Exploitability

The CVSS score of 6.9 places the issue in the medium severity range, while the EPSS score of less than 1% indicates a very low likelihood that this vulnerability is actively exploited. The flaw is not listed in the CISA KEV catalog. The likely attack vector is remote network access to the device’s HTTP interface, with no authentication required or registration needed for the exploit to work.

Generated by OpenCVE AI on June 18, 2026 at 12:36 UTC.

Remediation

Vendor Solution

The provider has implement the new version 11.02.06.00.02 which solves the security problems detected in the affected version. The end user has to download the new version in the Teldat - Client Support Portal and implement it in the device ( https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US ).


OpenCVE Recommended Actions

  • Update the device to firmware 11.02.06.00.02 obtained from the Teldat Client Support Portal.
  • If updating immediately is not feasible, configure the network perimeter to block or rate‑limit HTTP connections to the device from untrusted sources as a temporary safeguard.
  • Enable monitoring of device logs for prolonged, slow HTTP requests and set alerts for abnormal activity, to detect and respond to potential Slow Loris attempts.

Generated by OpenCVE AI on June 18, 2026 at 12:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 11:45:00 +0000


Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Description An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
Title WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT
First Time appeared Teldat
Teldat regesta Smart Hd-plc - Tldph16d2
Weaknesses CWE-770
CPEs cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.05.10.02:*:*:*:*:*:*:*
cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.06.00.02:*:*:*:*:*:*:*
Vendors & Products Teldat
Teldat regesta Smart Hd-plc - Tldph16d2
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Teldat Regesta Smart Hd-plc - Tldph16d2
cve-icon MITRE

Status: PUBLISHED

Assigner: HackRTU

Published:

Updated: 2026-07-01T11:17:35.841Z

Reserved: 2026-02-24T08:59:28.139Z

Link: CVE-2026-27869

cve-icon Vulnrichment

Updated: 2026-06-17T14:20:17.657Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:05:07Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling