PatchSiren cyber security CVE debrief
CVE-2025-10371 Raw CVE debrief
CVE-2025-10371 is a high-severity vulnerability in Hardy Barth Salia Board Firmware <=2.3.81 affecting processing of /api.php. According to CISA, manipulation of the setrfidlist parameter can lead to unrestricted upload over the network. The advisory also states that a public exploit has been released and may be used in attacks, and that the vendor did not respond to CISA's coordination attempts. For operators of affected EV charging systems, this should be treated as an urgent exposure until a vendor fix or compensating control plan is available.
- Vendor: Raw
- Product: Hardy Barth Salia Board Firmware <=2.3.81
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-21
- Original CVE updated: 2026-04-21
- Advisory published: 2026-04-21
- Advisory updated: 2026-04-21
Who should care
OT/ICS defenders, EV charging infrastructure operators, facility security teams, system integrators, and asset owners running Hardy Barth Salia Board Firmware <=2.3.81 or connected EV charge controller deployments.
Technical summary
CISA's advisory for CVE-2025-10371 describes an issue in eCharge Hardy Barth Salia PLCC 2.3.81 / Hardy Barth Salia Board Firmware <=2.3.81 in unspecified processing within /api.php. The setrfidlist argument can be manipulated to achieve unrestricted upload. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (7.3 High): the issue is reachable over the network, has low attack complexity, and requires no privileges or user interaction. CISA also notes that exploit code is public and that the vendor did not respond to coordination.
Defensive priority
High. The combination of remote reachability, no required privileges or user interaction, and public exploit reporting makes this issue a near-term exposure for any internet-reachable or broadly accessible deployment.
Recommended defensive actions
- Identify all Hardy Barth Salia / eCharge charging controller instances and confirm whether firmware <=2.3.81 is present.
- Reduce exposure to /api.php and other management interfaces by limiting network reachability to trusted administrative networks only.
- Apply vendor guidance or firmware updates as soon as they become available; the supplied advisory does not list a fixed version.
- Monitor for unexpected uploads, new files, or anomalous requests involving setrfidlist and /api.php.
- Review segmentation and access controls around EV charging and OT management networks to limit blast radius.
- Contact Hardy Barth or eCharge using the vendor contact pages cited in the advisory to request remediation status and guidance.
- Use CISA ICS recommended practices and defense-in-depth guidance to strengthen monitoring, isolation, and recovery planning for affected deployments.
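As an added example (not code from CISA, the vendor, or this debrief), the monitoring action above can be started as a log review for requests to /api.php that carry setrfidlist or arrive from outside the administrative network. It assumes a reverse proxy or web server in front of the controller that writes common/combined-format access logs and an admin network of 10.20.0.0/24; the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: only this admin network should ever reach the controller's API.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common/combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation address ranges, made-up requests).
SAMPLE_LOG = [
    '10.20.0.5 - - [21/Apr/2026:08:00:01 +0000] "GET /api.php?placeholder=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Apr/2026:08:03:44 +0000] "POST /api.php?setrfidlist=1 HTTP/1.1" 200 31',
    '203.0.113.7 - - [21/Apr/2026:08:03:50 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.9 - - [21/Apr/2026:08:04:02 +0000] "POST /api.php HTTP/1.1" 200 20',
    '10.20.0.5 - - [21/Apr/2026:09:15:30 +0000] "POST /API.php?SetRfidList=1 HTTP/1.1" 200 31',
]

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparsable client field is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def review_line(line):
    """Return a finding for a request to /api.php that needs attention, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/api.php"):  # lenient on case for detection
        return None
    has_param = "setrfidlist" in {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    trusted = is_trusted(m["ip"])
    if has_param and not trusted:
        severity, why = "high", "setrfidlist request from outside the admin network"
    elif has_param:
        severity, why = "review", "setrfidlist request from admin network; confirm it was expected"
    elif not trusted:
        severity, why = "review", "/api.php reached from outside the admin network (body not logged)"
    else:
        return None
    return {"severity": severity, "ip": m["ip"], "time": m["ts"], "status": m["status"], "why": why}

def scan(lines):
    return [f for f in map(review_line, lines) if f]
```

Access logs normally omit request bodies, so a parameter sent in POST data will not appear in the query string; the third rule flags any untrusted request to /api.php for that reason.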
Evidence notes
All core claims in this debrief come from the supplied CISA CSAF advisory source item for ICSA-26-111-05 / CVE-2025-10371. The advisory states the affected product scope, the /api.php and setrfidlist condition, public exploit availability, and lack of vendor response. Timing context uses the provided CVE published/modified timestamps of 2026-04-21T05:00:00.000Z. No additional patch availability or fixed version is stated in the supplied corpus.
Official resources
- CVE-2025-10371 CVE record (CVE.org)
- CVE-2025-10371 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Published by CISA on 2026-04-21 in advisory ICSA-26-111-05. The advisory notes that the vendor did not respond to coordination attempts and that exploit code has been publicly released.