CVE-2025-5873: Unrestricted Upload in eCharge Hardy Barth Salia PLCC
A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-5873 is a vulnerability identified in the eCharge Hardy Barth Salia PLCC product line, affecting all versions up to 2.3.81. The issue resides in the Web UI component, specifically in the /firmware.php file, where the 'media' argument can be manipulated to allow unrestricted file uploads. This vulnerability enables remote attackers to upload arbitrary files without requiring authentication or user interaction, which significantly lowers the barrier to exploitation. The unrestricted upload can be leveraged to deploy malicious firmware, web shells, or other malicious payloads, potentially leading to unauthorized control over the device, data leakage, or disruption of services. The vulnerability has a CVSS 4.0 base score of 5.3, indicating medium severity, with attack vector being network (remote), low attack complexity, no privileges required, and no user interaction needed. The impact on confidentiality, integrity, and availability is limited but present. The vendor was contacted but has not issued any response or patch, and no known exploits are currently observed in the wild, though a public exploit exists. This lack of vendor response and patch availability increases the risk for organizations relying on this product. The vulnerability affects a wide range of versions, indicating a long-standing issue that could impact many deployed devices. The unrestricted upload flaw is a critical security weakness in embedded device management interfaces, often targeted by attackers to gain persistent access or disrupt operations.
Potential Impact
For European organizations, especially those in sectors relying on eCharge Hardy Barth Salia PLCC devices such as energy, manufacturing, or critical infrastructure, this vulnerability poses a tangible risk. Successful exploitation could allow attackers to upload malicious firmware or web shells, leading to unauthorized device control, data exfiltration, or operational disruption. This could impact the confidentiality of sensitive operational data, the integrity of device firmware and configurations, and the availability of critical services. Given the remote and unauthenticated nature of the exploit, attackers can target exposed devices over the network without needing insider access or user interaction. The lack of vendor response and patch increases the window of exposure, potentially inviting targeted attacks or opportunistic exploitation. Organizations may face regulatory and compliance risks if such devices are compromised, especially under GDPR and NIS Directive requirements. The medium severity rating suggests the impact is significant but not catastrophic; however, the broad version range affected and public exploit availability elevate the urgency for mitigation. Disruption or compromise of these devices could have cascading effects on operational technology environments and supply chains within Europe.
Mitigation Recommendations
1. Immediately audit and inventory all eCharge Hardy Barth Salia PLCC devices in your environment to identify affected versions.
2. Restrict network access to the Web UI interface (/firmware.php), ideally isolating devices in segmented networks with strict firewall rules allowing only trusted management hosts.
3. Implement strong access controls and monitoring on management interfaces to detect anomalous file upload attempts or unusual traffic patterns.
4. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to flag exploitation attempts targeting the 'media' parameter.
5. Where possible, disable or restrict file upload functionality if not required for normal operations.
6. Regularly monitor vendor communications for patches or updates; apply them promptly once available.
7. Consider deploying application-layer gateways or web application firewalls (WAF) to filter and validate incoming requests to the Web UI.
8. Conduct penetration testing and vulnerability assessments focused on device management interfaces to identify similar weaknesses.
9. Maintain robust incident response plans tailored to embedded device compromise scenarios.
10. Engage with the vendor or community to push for a timely patch or workaround, given the vendor's current non-responsiveness.
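Recommendations 2 to 4 can be checked against reverse-proxy or web-server logs. The following is an added example, not part of the original advisory or any vendor code: it flags POST requests to /firmware.php that come from clients outside a trusted management range. The allowlist, the log format (Combined Log Format) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: trusted management subnet for this site (constructed value).
TRUSTED_MGMT = [ipaddress.ip_network("10.20.0.0/28")]

# Combined Log Format: client ident user [time] "METHOD target proto" status size
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines from a proxy in front of the charger Web UI.
SAMPLE_LOG = """\
10.20.0.5 - - [09/Jun/2025:11:02:10 +0000] "POST /firmware.php HTTP/1.1" 200 512
192.0.2.44 - - [09/Jun/2025:11:05:31 +0000] "POST /firmware.php HTTP/1.1" 200 498
192.0.2.44 - - [09/Jun/2025:11:05:40 +0000] "GET /index.php HTTP/1.1" 200 2310
198.51.100.7 - - [09/Jun/2025:11:09:02 +0000] "POST /firmware.php?x=1 HTTP/1.1" 403 0
garbage line that does not parse
"""


def is_trusted(src):
    """True only if src is an IP address inside a trusted management subnet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or junk in the client field are not trusted
    return any(addr in net for net in TRUSTED_MGMT)


def find_untrusted_firmware_posts(log_text):
    """Return one alert per POST to /firmware.php from an untrusted client."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as benign hits
        path = m["target"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == "/firmware.php" and not is_trusted(m["src"]):
            alerts.append({"src": m["src"], "time": m["ts"], "status": int(m["status"])})
    return alerts


if __name__ == "__main__":
    for alert in find_untrusted_firmware_posts(SAMPLE_LOG):
        print(alert)
```

Access logs do not record the request body, so the 'media' field itself is not visible here; the check keys on method, path and source address, and the status code shows whether an upstream control already rejected the request.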
Affected Countries
Germany, France, Netherlands, Belgium, Italy, United Kingdom, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-08T17:49:54.645Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6846c60d7b622a9fdf1e7915
Added to database: 6/9/2025, 11:31:25 AM
Last enriched: 1/9/2026, 10:35:48 AM
Last updated: 2/7/2026, 5:27:32 AM