Regesta Smart Hd Plc Tldph16D2
Monthly
The web management interface of the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) is susceptible to resource exhaustion via a Slow Loris attack, making the administrative interface unavailable to legitimate operators. An unauthenticated network attacker can trigger this condition without any prior registration or credentials, as the embedded web server imposes no connection-hold limits or timeouts per CWE-770. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available through the Teldat support portal.
Stored cross-site scripting in Teldat's Regesta Smart HD-PLC (TLDPH16D2, firmware 11.02.05.10.02) allows a privileged, authenticated attacker to inject arbitrary JavaScript into the device's 'Hostname' configuration field, which executes in the browser of any user who subsequently loads the `/upgrade/query.php?cmd=p+3%3Bversion` endpoint. The CVSS 4.0 score of 4.8 reflects meaningful constraints: high-privilege access (PR:H) is required to write the malicious configuration, and victim user interaction (UI:P) is needed to trigger execution. No public exploit identified at time of analysis and not listed in CISA KEV; a vendor patch is available.
Unauthenticated information disclosure in the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) exposes version and privilege data via a PHP-based upgrade query endpoint accessible over the network without any login or registration. An attacker sends a crafted HTTP request to /upgrade/query.php?cmd=p+3&3Bversion and receives sensitive system metadata in the response, violating CWE-201 by returning information that should be restricted. No active exploitation has been confirmed (not in CISA KEV), and the direct impact is limited to confidentiality, but the exposed data can enable targeted follow-on attacks against this HD-PLC networking device.
The web management interface of the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) is susceptible to resource exhaustion via a Slow Loris attack, making the administrative interface unavailable to legitimate operators. An unauthenticated network attacker can trigger this condition without any prior registration or credentials, as the embedded web server imposes no connection-hold limits or timeouts per CWE-770. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available through the Teldat support portal.
Stored cross-site scripting in Teldat's Regesta Smart HD-PLC (TLDPH16D2, firmware 11.02.05.10.02) allows a privileged, authenticated attacker to inject arbitrary JavaScript into the device's 'Hostname' configuration field, which executes in the browser of any user who subsequently loads the `/upgrade/query.php?cmd=p+3%3Bversion` endpoint. The CVSS 4.0 score of 4.8 reflects meaningful constraints: high-privilege access (PR:H) is required to write the malicious configuration, and victim user interaction (UI:P) is needed to trigger execution. No public exploit identified at time of analysis and not listed in CISA KEV; a vendor patch is available.
Unauthenticated information disclosure in the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) exposes version and privilege data via a PHP-based upgrade query endpoint accessible over the network without any login or registration. An attacker sends a crafted HTTP request to /upgrade/query.php?cmd=p+3&3Bversion and receives sensitive system metadata in the response, violating CWE-201 by returning information that should be restricted. No active exploitation has been confirmed (not in CISA KEV), and the direct impact is limited to confidentiality, but the exposed data can enable targeted follow-on attacks against this HD-PLC networking device.