{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27870", "assignerOrgId": "ffb98d57-deaa-4918-a669-5225ccc13e39", "state": "PUBLISHED", "assignerShortName": "HackRTU", "dateReserved": "2026-02-24T08:59:28.139Z", "datePublished": "2026-06-17T08:13:37.162Z", "dateUpdated": "2026-06-17T08:13:37.162Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ffb98d57-deaa-4918-a669-5225ccc13e39", "shortName": "HackRTU", "dateUpdated": "2026-06-17T08:13:37.162Z"}, "title": "CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT", "datePublic": "2026-06-17T08:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}, {"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Teldat", "product": "Regesta Smart HD-PLC - TLDPH16D2", "versions": [{"status": "affected", "version": "11.02.05.10.02"}, {"status": "unaffected", "version": "11.02.06.00.02"}], "defaultStatus": "unknown"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.05.10.02:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.06.00.02:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a\u00a0Cross-site Scripting (XSS)\u00a0 payload into the 'Hostname' field of the configuration file resulting in a\u00a0XSS\u00a0in the path /upgrade/query.php?cmd=p+3%3Bversion.\u00a0This issue affects Regesta Smart HD-PLC - TLDPH16D2: \n11.02.05.10.02.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a&nbsp;<b>Cross-site Scripting (XSS)</b>&nbsp; payload into the '<i>Hostname</i>' field of the configuration file resulting in a&nbsp;XSS&nbsp;in the path <i><b>/upgrade/query.php?cmd=p+3%3Bversion</b></i>.&nbsp;<span>T</span><span>his issue affects Regesta Smart HD-PLC - TLDPH16D2: \n11.02.05.10.02.</span>"}]}], "references": [{"url": "https://www.hackrtu.com/blog/CNA-HRTU-0002/", "tags": ["technical-description", "patch"]}, {"url": "https://www.hackrtu.com/blog/CNA-CVE-2026-27870/", "tags": ["technical-description", "patch"]}, {"url": "https://www.teldat.com/es/", "tags": ["product"]}, {"url": "https://support.teldat.com/images/content/docs/Teldat_dm1087_regesta_smart_nessum_series_installation(1).pdf", "tags": ["product"]}, {"url": "https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "The provider has implement the new version\u00a011.02.05.10.02 which solves the security problems detected in the affected version. The end user has to download the new version in the Teldat - Client Support Portal and implement it in the device (\n https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US ).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The provider has implement the new version&nbsp;<b>11.02.05.10.02</b> which solves the security problems detected in the affected version. The end user has to download the new version in the <b>Teldat - Client Support Portal</b> and implement it in the device (\n<a href=\"https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&amp;none=true&amp;language=en-US\" title=\"https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&amp;none=true&amp;language=en-US\">https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&amp;none=true&amp;language=en-US</a>)."}]}], "timeline": [{"time": "2026-02-20T09:00:00.000Z", "lang": "en", "value": "Vulnerability detection by the researchers"}, {"time": "2026-02-22T09:00:00.000Z", "lang": "en", "value": "Report from researchers to the CNA of HackRTU"}, {"time": "2026-02-25T09:00:00.000Z", "lang": "en", "value": "Report from HackRTU CNA to the provider"}, {"time": "2026-05-29T08:00:00.000Z", "lang": "en", "value": "New version published by the provider"}, {"time": "2026-06-17T08:00:00.000Z", "lang": "en", "value": "Vulnerabilities published by HackRTU's CNA"}], "credits": [{"lang": "en", "value": "Aar\u00f3n Flecha Men\u00e9ndez", "type": "finder"}, {"lang": "en", "value": "V\u00edctor Bello Cuevas", "type": "finder"}], "source": {"advisory": "HRTU#0003", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{}

{}

{}