6.5
CVE-2025-5873
- EPSS 0.06%
- Veröffentlicht 09.06.2025 10:31:04
- Zuletzt bearbeitet 09.01.2026 01:15:42
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellereCharge Hardy Barth
≫
Produkt
Salia PLCC
Version
2.3.0
Status
affected
Version
2.3.1
Status
affected
Version
2.3.2
Status
affected
Version
2.3.3
Status
affected
Version
2.3.4
Status
affected
Version
2.3.5
Status
affected
Version
2.3.6
Status
affected
Version
2.3.7
Status
affected
Version
2.3.8
Status
affected
Version
2.3.9
Status
affected
Version
2.3.10
Status
affected
Version
2.3.11
Status
affected
Version
2.3.12
Status
affected
Version
2.3.13
Status
affected
Version
2.3.14
Status
affected
Version
2.3.15
Status
affected
Version
2.3.16
Status
affected
Version
2.3.17
Status
affected
Version
2.3.18
Status
affected
Version
2.3.19
Status
affected
Version
2.3.20
Status
affected
Version
2.3.21
Status
affected
Version
2.3.22
Status
affected
Version
2.3.23
Status
affected
Version
2.3.24
Status
affected
Version
2.3.25
Status
affected
Version
2.3.26
Status
affected
Version
2.3.27
Status
affected
Version
2.3.28
Status
affected
Version
2.3.29
Status
affected
Version
2.3.30
Status
affected
Version
2.3.31
Status
affected
Version
2.3.32
Status
affected
Version
2.3.33
Status
affected
Version
2.3.34
Status
affected
Version
2.3.35
Status
affected
Version
2.3.36
Status
affected
Version
2.3.37
Status
affected
Version
2.3.38
Status
affected
Version
2.3.39
Status
affected
Version
2.3.40
Status
affected
Version
2.3.41
Status
affected
Version
2.3.42
Status
affected
Version
2.3.43
Status
affected
Version
2.3.44
Status
affected
Version
2.3.45
Status
affected
Version
2.3.46
Status
affected
Version
2.3.47
Status
affected
Version
2.3.48
Status
affected
Version
2.3.49
Status
affected
Version
2.3.50
Status
affected
Version
2.3.51
Status
affected
Version
2.3.52
Status
affected
Version
2.3.53
Status
affected
Version
2.3.54
Status
affected
Version
2.3.55
Status
affected
Version
2.3.56
Status
affected
Version
2.3.57
Status
affected
Version
2.3.58
Status
affected
Version
2.3.59
Status
affected
Version
2.3.60
Status
affected
Version
2.3.61
Status
affected
Version
2.3.62
Status
affected
Version
2.3.63
Status
affected
Version
2.3.64
Status
affected
Version
2.3.65
Status
affected
Version
2.3.66
Status
affected
Version
2.3.67
Status
affected
Version
2.3.68
Status
affected
Version
2.3.69
Status
affected
Version
2.3.70
Status
affected
Version
2.3.71
Status
affected
Version
2.3.72
Status
affected
Version
2.3.73
Status
affected
Version
2.3.74
Status
affected
Version
2.3.75
Status
affected
Version
2.3.76
Status
affected
Version
2.3.77
Status
affected
Version
2.3.78
Status
affected
Version
2.3.79
Status
affected
Version
2.3.80
Status
affected
Version
2.3.81
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.173 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.