CVE-2026-27870
Deferred Deferred - Pending Action

Cross-Site Scripting in Regesta Smart HD-PLC

Vulnerability report for CVE-2026-27870, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-07-01

Assigner: ffb98d57-deaa-4918-a669-5225ccc13e39

Description

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS)  payload into the 'Hostname' field of the configuration file resulting in a XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-07-01
Generated
2026-07-07
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
teldat regesta_smart_hd-plc to 11.02.06.00.02 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-27870 is a medium-severity Cross-Site Scripting (XSS) vulnerability affecting the Regesta Smart HD-PLC - TLDPH16D2 industrial router by Teldat.

An attacker with network access and registration privileges can inject arbitrary JavaScript code into the 'Hostname' field of the device's configuration file.

This malicious script is then executed in the context of the path /upgrade/query.php?cmd=p+3%3Bversion, potentially allowing the attacker to perform unauthorized actions or steal information.

The vulnerability is due to improper neutralization of input during web page generation (CWE-79) and is classified as a Cross-Site Scripting attack (CAPEC-63).

Impact Analysis

This vulnerability allows an attacker with network access and registration privileges to execute arbitrary JavaScript code on the affected device.

Such execution can lead to unauthorized actions, data theft, session hijacking, or manipulation of the device's web interface.

Because the attack requires registration access, the risk is somewhat limited to users with elevated privileges, but it still poses a significant security concern.

Detection Guidance

This vulnerability involves Cross-Site Scripting (XSS) via the 'Hostname' field in the configuration file, which results in XSS execution at the path /upgrade/query.php?cmd=p+3%3Bversion on the Regesta Smart HD-PLC device.

To detect this vulnerability, you can attempt to access the URL path /upgrade/query.php?cmd=p+3%3Bversion on the device and observe if arbitrary JavaScript injected into the 'Hostname' field is executed.

Since the vulnerability requires registration action and network access, you may also check the configuration file's 'Hostname' field for suspicious or unexpected JavaScript payloads.

Specific commands are not provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to upgrade the firmware of the Regesta Smart HD-PLC - TLDPH16D2 device to the patched version 11.02.06.00.02 provided by Teldat.

This patched version addresses the XSS vulnerability by properly neutralizing input in the 'Hostname' field.

Users should download the updated firmware from the Teldat Client Support Portal and apply it as soon as possible to reduce the risk.

Compliance Impact

The provided information does not specify how CVE-2026-27870 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart