Information Disclosure in Regesta Smart HD-PLC by Teldat
CVE-2026-27868

6.9MEDIUM

Key Information:

Vendor

Teldat

Status
Regesta Smart Hd-plc - Tldph16d2
Vendor
CVE Published:
17 June 2026

What is CVE-2026-27868?

A network-accessible vulnerability exists in Teldat's Regesta Smart HD-PLC, allowing unauthorized users to retrieve sensitive version information. By exploiting the command Version through the endpoint /upgrade/query.php?cmd=p+3&3Bversion, an attacker can gain insights into the system’s configuration without any authentication required. This issue specifically affects certain versions of the Regesta Smart HD-PLC, highlighting the importance for users to implement security measures and apply necessary patches.

Affected Version(s)

Regesta Smart HD-PLC - TLDPH16D2 11.02.05.10.02

Regesta Smart HD-PLC - TLDPH16D2 11.02.06.00.02

References

https://www.hackrtu.com/blog/CNA-HRTU-0002/
technical-descriptionpatch
https://www.hackrtu.com/blog/CNA-CVE-2026-27868/
technical-descriptionpatch
https://www.teldat.com/es/
product

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aarón Flecha Menéndez
VĂ­ctor Bello Cuevas
.