CVE-2025-5873

Summary

A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
eCharge Hardy BarthSalia PLCC2.3.0affected
eCharge Hardy BarthSalia PLCC2.3.1affected
eCharge Hardy BarthSalia PLCC2.3.2affected
eCharge Hardy BarthSalia PLCC2.3.3affected
eCharge Hardy BarthSalia PLCC2.3.4affected
eCharge Hardy BarthSalia PLCC2.3.5affected
eCharge Hardy BarthSalia PLCC2.3.6affected
eCharge Hardy BarthSalia PLCC2.3.7affected
eCharge Hardy BarthSalia PLCC2.3.8affected
eCharge Hardy BarthSalia PLCC2.3.9affected
eCharge Hardy BarthSalia PLCC2.3.10affected
eCharge Hardy BarthSalia PLCC2.3.11affected
eCharge Hardy BarthSalia PLCC2.3.12affected
eCharge Hardy BarthSalia PLCC2.3.13affected
eCharge Hardy BarthSalia PLCC2.3.14affected
eCharge Hardy BarthSalia PLCC2.3.15affected
eCharge Hardy BarthSalia PLCC2.3.16affected
eCharge Hardy BarthSalia PLCC2.3.17affected
eCharge Hardy BarthSalia PLCC2.3.18affected
eCharge Hardy BarthSalia PLCC2.3.19affected
eCharge Hardy BarthSalia PLCC2.3.20affected
eCharge Hardy BarthSalia PLCC2.3.21affected
eCharge Hardy BarthSalia PLCC2.3.22affected
eCharge Hardy BarthSalia PLCC2.3.23affected
eCharge Hardy BarthSalia PLCC2.3.24affected
eCharge Hardy BarthSalia PLCC2.3.25affected
eCharge Hardy BarthSalia PLCC2.3.26affected
eCharge Hardy BarthSalia PLCC2.3.27affected
eCharge Hardy BarthSalia PLCC2.3.28affected
eCharge Hardy BarthSalia PLCC2.3.29affected
eCharge Hardy BarthSalia PLCC2.3.30affected
eCharge Hardy BarthSalia PLCC2.3.31affected
eCharge Hardy BarthSalia PLCC2.3.32affected
eCharge Hardy BarthSalia PLCC2.3.33affected
eCharge Hardy BarthSalia PLCC2.3.34affected
eCharge Hardy BarthSalia PLCC2.3.35affected
eCharge Hardy BarthSalia PLCC2.3.36affected
eCharge Hardy BarthSalia PLCC2.3.37affected
eCharge Hardy BarthSalia PLCC2.3.38affected
eCharge Hardy BarthSalia PLCC2.3.39affected
eCharge Hardy BarthSalia PLCC2.3.40affected
eCharge Hardy BarthSalia PLCC2.3.41affected
eCharge Hardy BarthSalia PLCC2.3.42affected
eCharge Hardy BarthSalia PLCC2.3.43affected
eCharge Hardy BarthSalia PLCC2.3.44affected
eCharge Hardy BarthSalia PLCC2.3.45affected
eCharge Hardy BarthSalia PLCC2.3.46affected
eCharge Hardy BarthSalia PLCC2.3.47affected
eCharge Hardy BarthSalia PLCC2.3.48affected
eCharge Hardy BarthSalia PLCC2.3.49affected
eCharge Hardy BarthSalia PLCC2.3.50affected
eCharge Hardy BarthSalia PLCC2.3.51affected
eCharge Hardy BarthSalia PLCC2.3.52affected
eCharge Hardy BarthSalia PLCC2.3.53affected
eCharge Hardy BarthSalia PLCC2.3.54affected
eCharge Hardy BarthSalia PLCC2.3.55affected
eCharge Hardy BarthSalia PLCC2.3.56affected
eCharge Hardy BarthSalia PLCC2.3.57affected
eCharge Hardy BarthSalia PLCC2.3.58affected
eCharge Hardy BarthSalia PLCC2.3.59affected
eCharge Hardy BarthSalia PLCC2.3.60affected
eCharge Hardy BarthSalia PLCC2.3.61affected
eCharge Hardy BarthSalia PLCC2.3.62affected
eCharge Hardy BarthSalia PLCC2.3.63affected
eCharge Hardy BarthSalia PLCC2.3.64affected
eCharge Hardy BarthSalia PLCC2.3.65affected
eCharge Hardy BarthSalia PLCC2.3.66affected
eCharge Hardy BarthSalia PLCC2.3.67affected
eCharge Hardy BarthSalia PLCC2.3.68affected
eCharge Hardy BarthSalia PLCC2.3.69affected
eCharge Hardy BarthSalia PLCC2.3.70affected
eCharge Hardy BarthSalia PLCC2.3.71affected
eCharge Hardy BarthSalia PLCC2.3.72affected
eCharge Hardy BarthSalia PLCC2.3.73affected
eCharge Hardy BarthSalia PLCC2.3.74affected
eCharge Hardy BarthSalia PLCC2.3.75affected
eCharge Hardy BarthSalia PLCC2.3.76affected
eCharge Hardy BarthSalia PLCC2.3.77affected
eCharge Hardy BarthSalia PLCC2.3.78affected
eCharge Hardy BarthSalia PLCC2.3.79affected
eCharge Hardy BarthSalia PLCC2.3.80affected
eCharge Hardy BarthSalia PLCC2.3.81affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References