{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27869", "assignerOrgId": "ffb98d57-deaa-4918-a669-5225ccc13e39", "state": "PUBLISHED", "assignerShortName": "HackRTU", "dateReserved": "2026-02-24T08:59:28.139Z", "datePublished": "2026-06-17T08:13:37.802Z", "dateUpdated": "2026-06-17T14:20:21.690Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ffb98d57-deaa-4918-a669-5225ccc13e39", "shortName": "HackRTU", "dateUpdated": "2026-06-17T11:44:59.706Z"}, "title": "WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT", "datePublic": "2026-06-17T08:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-770", "description": "CWE-770 Allocation of resources without limits or throttling", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-227", "descriptions": [{"lang": "en", "value": "CAPEC-227 Sustained Client Engagement"}]}, {"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "affected": [{"vendor": "Teldat", "product": "Regesta Smart HD-PLC - TLDPH16D2", "versions": [{"status": "affected", "version": "11.02.05.10.02"}, {"status": "unaffected", "version": "11.02.06.00.02"}], "defaultStatus": "unknown"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.05.10.02:*:*:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:teldat:regesta_smart_hd-plc_-_tldph16d2:11.02.06.00.02:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device.\u00a0This issue affects Regesta Smart HD-PLC - TLDPH16D2: \n11.02.05.10.02.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause <b>Denial of Service (DoS)</b> on the web interface of the device.&nbsp;<span>T</span><span>his issue affects Regesta Smart HD-PLC - TLDPH16D2: \n11.02.05.10.02.</span><br>"}]}], "references": [{"url": "https://www.hackrtu.com/blog/CNA-HRTU-0002/", "tags": ["technical-description", "patch"]}, {"url": "https://www.hackrtu.com/blog/CNA-CVE-2026-27869/", "tags": ["technical-description", "patch"]}, {"url": "https://www.teldat.com/es/", "tags": ["product"]}, {"url": "https://support.teldat.com/images/content/docs/Teldat_dm1087_regesta_smart_nessum_series_installation(1).pdf", "tags": ["product"]}, {"url": "https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}], "solutions": [{"lang": "en", "value": "The provider has implement the new version\u00a011.02.06.00.02\u00a0which solves the security problems detected in the affected version. The end user has to download the new version in the Teldat - Client Support Portal and implement it in the device (\n https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&none=true&language=en-US ).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The provider has implement the new version&nbsp;<b>11.02.06.00.02</b>&nbsp;which solves the security problems detected in the affected version. The end user has to download the new version in the <b>Teldat - Client Support Portal</b> and implement it in the device (\n<a href=\"https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&amp;none=true&amp;language=en-US\" title=\"https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&amp;none=true&amp;language=en-US\">https://support.teldat.com/portal/supportcontent?page=cgs-customer-global-support&amp;none=true&amp;language=en-US</a>)."}]}], "timeline": [{"time": "2026-02-20T09:00:00.000Z", "lang": "en", "value": "Vulnerability detection by the researchers"}, {"time": "2026-02-22T09:00:00.000Z", "lang": "en", "value": "Report from researchers to the CNA of HackRTU"}, {"time": "2026-02-25T09:00:00.000Z", "lang": "en", "value": "Report from HackRTU CNA to the provider"}, {"time": "2026-05-29T08:00:00.000Z", "lang": "en", "value": "New version published by the provider"}, {"time": "2026-06-17T08:00:00.000Z", "lang": "en", "value": "Vulnerabilities published by HackRTU's CNA"}], "credits": [{"lang": "en", "value": "Aar\u00f3n Flecha Men\u00e9ndez", "type": "finder"}, {"lang": "en", "value": "V\u00edctor Bello Cuevas", "type": "finder"}], "source": {"advisory": "HRTU#0003", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T14:20:10.059533Z", "id": "CVE-2026-27869", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T14:20:21.690Z"}}]}}

{}

{}

{}

{}