Blog HackRTU

 

Aprende sobre vulnerabilidades, información técnica con una perspectiva diferente y estate a la última de todos los movimientos de HackRTU

 

Descubre los últimos artículos sobre ciberseguridad industrial, vulnerabilidades OT, análisis de dispositivos, investigaciones técnicas, 0‑days y noticias relevantes del sector. En el blog de HackRTU profundizamos en la seguridad de sistemas industriales, en la familia de estándares IEC 62443 y tendencias e investigación en el ámbito de la ciberseguridad industrial.

 

CVE-2026-27868 affecting REGESTA SMART HD-PLC FROM TELDAT

 

ADVISORY HRTU#0003

 

 

The HackRTU CNA has coordinated the new vulnerability CVE-2026-27868, from medium severity, in the Regesta Smart HD-PLC - TLDPH16D2 industrial router device of Teldat. These vulnerabilities have been discovered by Aarón Flecha Menéndez and Víctor Bello Cuevas.

 

DETAILS OF THE AFFECTED SOLUTION:

  • Provider: Teldat
  • Specific model: Regesta Smart HD-PLC - TLDPH16D2
  • Affected firmware version: 11.02.05.10.02

 

SPECIFIC INFORMATION OF THE 0-DAY VULNERABILITY:

The vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector, CWE and CAPEC vulnerability type for each vulnerability:

  • CVE-2026-27868: PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT
    • CVSS v4.0: 6,9 (Medium)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
    • CWE-201 Insertion of sensitive information into sent data
    • CAPEC-116 Excavation
      • CAPEC-54 Query System for Information
    • CPE 2.3 Applicability:
      • cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.05.10.02:*:*:*:*:*:*:*
    • EPSS: **Will be updated as soon as published**

 

CVE DESCRIPTION

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in an information disclosure.

This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02.

SOLUTIONS, MITIGATIONS AND INFORMATION:

The provider has implemented the new version 11.02.06.00.02 which solves the security problems detected in the affected version. The end user has to download the new version in the Teldat - Client Support Portal and implement it in the device (https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US).

 

REFERENCES:

Specific links related to the notice:

 

 

HACKRTU TEAM