CVE-2025-10371: Unrestricted Upload in eCharge Hardy Barth Salia PLCC
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC 2.2.0. This issue affects some unknown processing of the file /api.php. Manipulation of the argument setrfidlist results in an unrestricted upload. The attack may be launched remotely. The exploit has been publicly released and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10371 is a security vulnerability identified in version 2.2.0 of the eCharge Hardy Barth Salia PLCC product. The flaw resides in the handling of the /api.php endpoint, specifically in the processing of the 'setrfidlist' argument. It allows an attacker to perform an unrestricted file upload remotely, without authentication or user interaction. Unrestricted upload means an attacker can place arbitrary files on the affected system, potentially including malicious scripts or executables, which can lead to further compromise such as remote code execution, data manipulation, or system takeover.
The vulnerability has a CVSS 4.0 base score of 6.9, a medium severity level. The vector metrics show that the attack can be performed remotely (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vendor was notified early but did not respond or provide a patch, and no official patch links are available. Although no exploitation in the wild has been observed so far, the exploit code has been publicly released, which increases the risk of exploitation.
The unrestricted upload capability makes this vulnerability a convenient entry point for deploying web shells or malware, potentially compromising the entire system and connected infrastructure. Given the nature of the product, which is likely related to charging infrastructure or industrial control systems, the impact could extend to operational disruptions or data breaches if exploited.
Potential Impact
For European organizations using eCharge Hardy Barth Salia PLCC 2.2.0, this vulnerability poses a significant risk. The ability to upload arbitrary files remotely without authentication can lead to unauthorized access, data theft, or disruption of services. Organizations in sectors relying on this product, such as energy, industrial automation, or smart infrastructure, could face operational downtime, financial losses, and reputational damage. Because the affected component may be part of critical infrastructure (for example, electric vehicle charging stations or industrial control systems), exploitation could have cascading effects on service availability and safety. The lack of vendor response and patch availability further widens the window of exposure. European data protection regulations such as GDPR impose strict requirements on data security, so a breach resulting from this vulnerability could lead to regulatory penalties. The medium severity rating suggests that, while exploitation is feasible and impactful, some technical skill may be needed to leverage it fully; however, the public availability of exploit code lowers the barrier for attackers. Organizations should treat this vulnerability as a priority for risk assessment and mitigation to avoid potential compromise and operational impact.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement immediate compensating controls:
- Restrict external access to the /api.php endpoint with network-level controls such as firewalls or VPNs, limiting exposure to trusted networks or IP addresses only.
- Deploy web application firewalls (WAFs) with custom rules to detect and block attempts to exploit the 'setrfidlist' parameter for file uploads.
- Log and monitor API usage thoroughly to detect anomalous upload activity.
- If possible, disable or restrict the functionality related to 'setrfidlist' until a patch is available.
- Perform regular integrity checks on the file system to detect unauthorized file additions or modifications.
- Employ endpoint detection and response (EDR) solutions to identify suspicious processes or behaviors indicative of exploitation.
- Engage with the vendor for updates and consider alternative products if the vendor remains unresponsive.
- Conduct security awareness training for IT staff so they can recognize and respond to exploitation attempts promptly.
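As an added example (not from the advisory or the vendor), the following Python script applies the logging-and-monitoring recommendation above: it parses Apache combined-format access log lines, constructed here as sample input, flags every request that reaches /api.php with a setrfidlist parameter, and escalates those that do not come from an assumed trusted management network. The trusted network range and the log format are assumptions; because access logs do not record POST bodies, a parameter sent only in the body must be caught by WAF or application-level logging instead.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (Apache "combined" format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [30/Oct/2025:14:15:17 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.5 - - [30/Oct/2025:14:16:02 +0000] "POST /api.php?setrfidlist=1 HTTP/1.1" 200 96 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Oct/2025:14:17:44 +0000] "POST /api.php?setrfidlist=1 HTTP/1.1" 200 96 "-" "python-requests/2.31"
203.0.113.7 - - [30/Oct/2025:14:17:45 +0000] "GET /api.php?action=status HTTP/1.1" 200 300 "-" "python-requests/2.31"
"""

# Fields of a combined-format line that matter for this check.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed trusted management network; adjust to the actual deployment.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

VULN_PATH = "/api.php"
VULN_PARAM = "setrfidlist"


def parse_line(line):
    """Split one access-log line into fields; return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # Only query-string parameters are visible here; POST bodies are not logged.
    rec["params"] = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    return rec


def is_trusted(ip):
    """True if the client address lies inside an assumed trusted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious(log_text):
    """Return (ip, timestamp, severity) for each request touching the vulnerable parameter.

    Calls from the trusted network are still recorded ("audit") because the
    advisory recommends disabling the function entirely until a patch exists;
    calls from anywhere else are escalated ("alert").
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != VULN_PATH or VULN_PARAM not in rec["params"]:
            continue
        severity = "audit" if is_trusted(rec["ip"]) else "alert"
        hits.append((rec["ip"], rec["ts"], severity))
    return hits
```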
Affected Countries
Germany, France, Netherlands, Belgium, Italy, Spain, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-12T14:04:45.082Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c5ada9e14ebf9f5cc7b7fb
Added to database: 9/13/2025, 5:45:13 PM
Last enriched: 9/21/2025, 12:38:28 AM
Last updated: 10/30/2025, 2:15:17 PM