Skip to main content

Regesta Smart HD-PLC EUVDEUVD-2026-37578

| CVE-2026-27869 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-17 HackRTU
6.9
CVSS 4.0 · Vendor: HackRTU
Share

Severity by source

Vendor (HackRTU) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-reachable, unauthenticated DoS with no scope change; availability impact limited to web interface only, yielding A:L with no confidentiality or integrity impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (HackRTU).

CVSS VectorVendor: HackRTU

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 10:17 vuln.today

DescriptionCVE.org

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.

AnalysisAI

The web management interface of the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) is susceptible to resource exhaustion via a Slow Loris attack, making the administrative interface unavailable to legitimate operators. An unauthenticated network attacker can trigger this condition without any prior registration or credentials, as the embedded web server imposes no connection-hold limits or timeouts per CWE-770. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify device web interface on network
Delivery
Open many partial HTTP connections without completing headers
Exploit
Send slow periodic incomplete header bytes to prevent timeout
Execution
Hold all connections open simultaneously
Persist
Exhaust embedded web server socket pool
Impact
Web management interface becomes unresponsive to legitimate users

Vulnerability AssessmentAI

Exploitation The attack requires network reachability to the Teldat Regesta Smart HD-PLC TLDPH16D2 web management interface (typically TCP port 80 or 443) running firmware version 11.02.05.10.02. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.9 correctly captures a network-reachable, unauthenticated, low-complexity DoS with limited availability impact (VA:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker with network access to the device's HTTP web interface uses a readily available Slow Loris tool to open hundreds of partial HTTP connections, each drip-feeding incomplete request headers at slow intervals to prevent server-side timeout. Within seconds to minutes the embedded web server exhausts its connection pool, rendering the management interface unresponsive to any further legitimate administrator sessions. …
Remediation Apply the vendor-released patch available through the Teldat customer support portal at https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37578 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy