The vulnerability identified as CVE-2025-10371 affects the eCharge Hardy Barth Salia PLCC product line up to version 2.3.81. It resides in the handling of the /api.php endpoint, specifically in the processing of the setrfidlist parameter. Due to insufficient validation or sanitization, attackers can upload arbitrary files without any authentication or user interaction. This unrestricted upload flaw can be exploited remotely over the network, allowing adversaries to place malicious payloads on the server. Potential consequences include remote code execution, unauthorized access, data theft, or disruption of services managed by the affected product. The vulnerability has a CVSS 4.0 base score of 6.9, reflecting medium severity with network attack vector, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. The vendor was notified early but has not issued any response or patch, increasing the risk exposure. The exploit code has been publicly released, which raises the likelihood of active exploitation. The affected versions span a wide range from 2.3.0 through 2.3.81, indicating a long-standing issue. The lack of vendor response and patch availability necessitates immediate defensive measures by users of this product.

For European organizations, the impact of this vulnerability can be significant, particularly for those relying on eCharge Hardy Barth Salia PLCC in critical infrastructure sectors such as energy management, industrial control, or smart grid systems. Successful exploitation could lead to unauthorized system access, enabling attackers to deploy malware, disrupt operations, or exfiltrate sensitive data. This could result in operational downtime, financial losses, regulatory penalties under GDPR for data breaches, and damage to reputation. Since the vulnerability allows remote, unauthenticated file uploads, attackers can bypass perimeter defenses if the API endpoint is exposed. The broad range of affected versions suggests many deployments remain vulnerable. The absence of vendor patches increases the window of exposure. European entities with interconnected systems or compliance requirements face elevated risks from this flaw.

Until an official patch is available, European organizations should implement the following mitigations: 1) Restrict network access to the /api.php endpoint by applying firewall rules or VPN-only access to limit exposure to trusted users and systems. 2) Deploy web application firewalls (WAFs) with custom rules to detect and block suspicious file upload attempts targeting the setrfidlist parameter. 3) Monitor logs and network traffic for unusual activity related to file uploads or API usage. 4) Conduct thorough audits of existing uploaded files to identify and remove any unauthorized content. 5) Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts. 6) Isolate affected systems from critical networks where possible to contain potential breaches. 7) Prepare incident response plans specific to this vulnerability. 8) Engage with the vendor for updates and consider alternative solutions if remediation is delayed. 9) Educate relevant personnel about the risk and signs of exploitation. These targeted actions go beyond generic advice and focus on containment and detection in the absence of patches.