Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable, unauthenticated DoS with no scope change; availability impact limited to web interface only, yielding A:L with no confidentiality or integrity impact.
Primary rating from Vendor (HackRTU).
CVSS VectorVendor: HackRTU
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.
AnalysisAI
The web management interface of the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) is susceptible to resource exhaustion via a Slow Loris attack, making the administrative interface unavailable to legitimate operators. An unauthenticated network attacker can trigger this condition without any prior registration or credentials, as the embedded web server imposes no connection-hold limits or timeouts per CWE-770. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attack requires network reachability to the Teldat Regesta Smart HD-PLC TLDPH16D2 web management interface (typically TCP port 80 or 443) running firmware version 11.02.05.10.02. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.9 correctly captures a network-reachable, unauthenticated, low-complexity DoS with limited availability impact (VA:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker with network access to the device's HTTP web interface uses a readily available Slow Loris tool to open hundreds of partial HTTP connections, each drip-feeding incomplete request headers at slow intervals to prevent server-side timeout. Within seconds to minutes the embedded web server exhausts its connection pool, rendering the management interface unresponsive to any further legitimate administrator sessions. … |
| Remediation | Apply the vendor-released patch available through the Teldat customer support portal at https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated information disclosure in the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) exp
Stored cross-site scripting in Teldat's Regesta Smart HD-PLC (TLDPH16D2, firmware 11.02.05.10.02) allows a privileged, a
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37578