Impact
The vulnerability is a stored cross‑site scripting flaw that permits an attacker who can access the PLC’s network management interface to inject malicious JavaScript into the Hostname field of its configuration file. When a legitimate user later accesses the /upgrade/query.php endpoint with a crafted command, the injected script runs in the victim’s browser context, potentially disclosing credentials, manipulating the interface or injecting further attacks. The impact is confined to the browser session of users who visit the affected page, but a malicious script could compromise multiple users if the web UI is widely used.
Affected Systems
Units of the Teldat Regesta Smart HD‑PLC model TLDPH16D2 running firmware version 11.02.05.10.02 are affected. Teldat has released firmware 11.02.06.00.02 that removes the flaw.
Risk and Exploitability
The CVSS score of 4.8 denotes moderate severity, and the EPSS score of less than 1% indicates a low likelihood of current exploitation. The vulnerability is not listed in CISA KEV, and the attack requires the attacker to modify the configuration file, which typically demands network or local access to the device. After applying the vendor’s update the stored XSS vector is eliminated.
OpenCVE Enrichment