Cross-Site Scripting Vulnerability in Regesta Smart HD-PLC by Teldat
CVE-2026-27870

4.8MEDIUM

Key Information:

Vendor

Teldat

Status
Regesta Smart Hd-plc - Tldph16d2
Vendor
CVE Published:
17 June 2026

What is CVE-2026-27870?

The Regesta Smart HD-PLC by Teldat is vulnerable to a Cross-Site Scripting (XSS) attack, which allows an unauthorized attacker with network access to inject arbitrary JavaScript code. This can be accomplished through the 'Hostname' field in the configuration file. Successful exploitation can lead to security risks, making it essential for users to apply necessary patches and upgrades. The vulnerability impacts version TLDPH16D2: 11.02.05.10.02 and requires registration action to execute the attack.

Affected Version(s)

Regesta Smart HD-PLC - TLDPH16D2 11.02.05.10.02

Regesta Smart HD-PLC - TLDPH16D2 11.02.06.00.02

References

https://www.hackrtu.com/blog/CNA-HRTU-0002/
technical-descriptionpatch
https://www.hackrtu.com/blog/CNA-CVE-2026-27870/
technical-descriptionpatch
https://www.teldat.com/es/
product

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aarón Flecha Menéndez
VĂ­ctor Bello Cuevas
.