CVE-2025-10371: Unrestricted Upload in eCharge Hardy Barth Salia PLCC
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC 2.2.0. It affects an unknown part of the processing in the file /api.php: manipulating the argument setrfidlist results in an unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10371 is a vulnerability in version 2.2.0 of eCharge Hardy Barth Salia PLCC. The flaw lies in how the /api.php endpoint processes the 'setrfidlist' argument: an unauthenticated remote attacker can upload files without restriction, and no user interaction is needed. Because the upload is unrestricted, an attacker can place arbitrary files, potentially including scripts or executables, on the server hosting the application; depending on what is uploaded and how the server is configured, this can lead to remote code execution, data compromise, or further compromise of the system.

The vulnerability carries a CVSS 4.0 base score of 6.9 (medium severity): attack vector network, low attack complexity, no privileges required, no user interaction, and limited impact on confidentiality, integrity, and availability. The vendor has been contacted but has not responded or provided a patch. No exploitation in the wild has been observed, but a public exploit has been released, which raises the likelihood of exploitation. The combination of missing authentication and unrestricted upload makes this vulnerability especially dangerous for exposed systems. Given the vendor's profile, Salia PLCC is likely deployed in e-mobility or charging infrastructure, so a compromise could have operational consequences.
Potential Impact
For European organizations, especially those operating electric vehicle charging infrastructure or related sectors where eCharge Hardy Barth Salia PLCC is deployed, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access, remote code execution, and disruption of charging services, which in turn could affect business continuity, cause reputational damage, and expose sensitive operational data. Given the role of charging infrastructure in the EU's green energy and transportation initiatives, disruption or compromise could have broader economic and environmental consequences. Compromised systems could also serve as pivot points for further attacks within organizational networks. The medium severity rating does not diminish the practical risk: no authentication is required and the exploit is publicly available. Organizations running this product without mitigations are exposed to both targeted attacks and opportunistic exploitation.
Mitigation Recommendations
No official patch or vendor response is available, so European organizations should put compensating controls in place immediately:
- Restrict network access to the /api.php endpoint with strict firewall rules or network segmentation so that only trusted IP addresses can reach it.
- Configure web application firewalls (WAFs) to detect and block suspicious file upload attempts, particularly those targeting the 'setrfidlist' parameter.
- Increase monitoring and logging of all upload activity on the affected endpoint so that anomalous behaviour is detected promptly.
- Audit existing uploaded files thoroughly to identify unauthorized or malicious content.
- Where feasible, disable or restrict the vulnerable functionality until a patch is available.
- Prepare an incident response plan specific to this vulnerability and brief relevant personnel on the risks and detection methods.
- Maintain up-to-date backups and verified rapid-recovery capabilities to limit the damage from a successful exploit.
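As an added illustration of the monitoring recommendation above (this script is not part of the page, the advisory, or the vendor's product), the following Python scan reads web-server access logs in the combined log format and flags two things: any request to /api.php that carries the setrfidlist parameter, and any request to that endpoint from outside a trusted management network. The log lines, the trusted network (10.20.0.0/16), and the log format are constructed assumptions for the example. Access logs record only the query string, so a setrfidlist argument sent in a POST body will surface here only as an untrusted-source hit; WAF or application-level logs are needed to inspect request bodies.

```python
"""Flag suspicious requests to /api.php in combined-format access logs.

Constructed example for CVE-2025-10371 monitoring; all sample data,
the trusted network and the log format are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import parse_qs, urlsplit

# Combined log format as written by nginx/Apache by default (assumed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed management network from which /api.php may legitimately be called.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

VULNERABLE_PATH = "/api.php"          # endpoint named in the advisory
VULNERABLE_PARAM = "setrfidlist"      # argument named in the advisory


@dataclass
class Finding:
    ip: str
    timestamp: str
    method: str
    target: str
    status: int
    reason: str


def is_trusted(ip: str) -> bool:
    """True if the source address belongs to an allow-listed network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if it is not of interest."""
    m = LOG_RE.match(line)
    if not m:
        return None                       # unparsable line: skip
    parts = urlsplit(m.group("target"))
    if parts.path != VULNERABLE_PATH:
        return None                       # other endpoints are out of scope
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    if VULNERABLE_PARAM in params:
        reasons.append(f"{VULNERABLE_PARAM} parameter present")
    if not is_trusted(m.group("ip")):
        reasons.append("source outside trusted networks")
    if not reasons:
        return None                       # trusted caller, benign parameters
    return Finding(
        ip=m.group("ip"),
        timestamp=m.group("ts"),
        method=m.group("method"),
        target=m.group("target"),
        status=int(m.group("status")),
        reason="; ".join(reasons),
    )


def scan_log(lines: Iterable[str]) -> List[Finding]:
    """Run inspect_line over every line and collect the findings."""
    return [f for f in (inspect_line(l) for l in lines) if f is not None]


# Constructed sample log: two legitimate requests, one untrusted caller
# using setrfidlist, and one trusted caller using setrfidlist (audit it).
SAMPLE_LOG = """\
10.20.3.7 - - [13/Sep/2025:17:45:13 +0000] "GET /api.php?cmd=getstatus HTTP/1.1" 200 512
203.0.113.45 - - [13/Sep/2025:17:46:02 +0000] "POST /api.php?setrfidlist=1 HTTP/1.1" 200 31
10.20.3.7 - - [13/Sep/2025:17:47:40 +0000] "POST /api.php?setrfidlist=1 HTTP/1.1" 200 31
198.51.100.9 - - [13/Sep/2025:17:48:11 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{finding.timestamp} {finding.ip} {finding.method} "
              f"{finding.target} -> {finding.reason}")
```

Run as-is it reports two findings: the untrusted caller (both reasons) and the trusted caller that used setrfidlist (flagged for audit only). In production, feed it the real access log and replace TRUSTED_NETWORKS with the actual management ranges; a hit from outside those ranges is the signal to investigate.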
Affected Countries
Germany, France, Netherlands, Belgium, Sweden, Norway, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-12T14:04:45.082Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c5ada9e14ebf9f5cc7b7fb
Added to database: 9/13/2025, 5:45:13 PM
Last enriched: 9/13/2025, 6:00:12 PM
Last updated: 9/13/2025, 6:59:49 PM
Related Threats
- CVE-2025-10384: Improper Authorization in yangzongzhuan RuoYi (Medium)
- CVE-2025-10374: Improper Authorization in Shenzhen Sixun Business Management System (Medium)
- CVE-2025-10373: Cross Site Scripting in Portabilis i-Educar (Medium)
- CVE-2025-10372: Cross Site Scripting in Portabilis i-Educar (Medium)
- CVE-2025-10370: Cross Site Scripting in MiczFlor RPi-Jukebox-RFID (Medium)