Description
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS)  payload into the 'Hostname' field of the configuration file resulting in a XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2:
11.02.05.10.02.
Published: 2026-06-17
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stored cross‑site scripting flaw that permits an attacker who can access the PLC’s network management interface to inject malicious JavaScript into the Hostname field of its configuration file. When a legitimate user later accesses the /upgrade/query.php endpoint with a crafted command, the injected script runs in the victim’s browser context, potentially disclosing credentials, manipulating the interface or injecting further attacks. The impact is confined to the browser session of users who visit the affected page, but a malicious script could compromise multiple users if the web UI is widely used.

Affected Systems

Units of the Teldat Regesta Smart HD‑PLC model TLDPH16D2 running firmware version 11.02.05.10.02 are affected. Teldat has released firmware 11.02.06.00.02 that removes the flaw.

Risk and Exploitability

The CVSS score of 4.8 denotes moderate severity, and the EPSS score of less than 1% indicates a low likelihood of current exploitation. The vulnerability is not listed in CISA KEV, and the attack requires the attacker to modify the configuration file, which typically demands network or local access to the device. After applying the vendor’s update the stored XSS vector is eliminated.

Generated by OpenCVE AI on June 18, 2026 at 12:36 UTC.

Remediation

Vendor Solution

The provider has implement the new version 11.02.06.00.02 which solves the security problems detected in the affected version. The end user has to download the new version in the Teldat - Client Support Portal and implement it in the device ( https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US ).


OpenCVE Recommended Actions

  • Apply the firmware update 11.02.06.00.02 from the Teldat Client Support Portal to all impacted PLC units
  • Restrict access to the device’s management interface to trusted IP ranges or a VPN to limit the attacker’s ability to modify configuration
  • Ensure that only privileged accounts can edit the Hostname field and apply least‑privilege policies for configuration changes
  • Monitor and audit configuration logs for unauthorized changes that could indicate an ongoing attack

Generated by OpenCVE AI on June 18, 2026 at 12:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 11:45:00 +0000


Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Description An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS)  payload into the 'Hostname' field of the configuration file resulting in a XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
Title CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
First Time appeared Teldat
Teldat regesta Smart Hd-plc - Tldph16d2
Weaknesses CWE-79
CPEs cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.05.10.02:*:*:*:*:*:*:*
cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.06.00.02:*:*:*:*:*:*:*
Vendors & Products Teldat
Teldat regesta Smart Hd-plc - Tldph16d2
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Teldat Regesta Smart Hd-plc - Tldph16d2
cve-icon MITRE

Status: PUBLISHED

Assigner: HackRTU

Published:

Updated: 2026-07-01T11:18:07.193Z

Reserved: 2026-02-24T08:59:28.139Z

Link: CVE-2026-27870

cve-icon Vulnrichment

Updated: 2026-06-17T12:47:49.140Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:05:09Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')