Critical Vulnerabilities in Hardy Barth Salia EV Charge Controller Expose Energy Infrastructure to Remote Attacks
Vulnerability coverage focused on affected versions, exploitability and patch or mitigation decisions.

Trust note: This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.
The published article is checked against public sources before publication, and material corrections are reflected in the article update date.
Technical reviewer note: Marcin Pocztowski reviewed this alert on May 01, 2026 from an administrator's point of view, checking CVE-2025-5873 and CVE-2025-10371 against vendor, CVE and advisory context before accepting the risk language. His remediation check is practical: confirm the affected version first, restrict reachable management surfaces as he would on Juniper, Cisco or Mikrotik routers, then patch or apply vendor mitigations only where the 3 corroborating sources support that scope.
Review our editorial policy or send corrections to [email protected].
Mitigation available. No vendor patch is known; the available mitigation is network-level (isolating the controller and restricting access to its web interface), so defenders should still verify exposure and rollout status.
Two vulnerabilities, CVE-2025-5873 (CVSS v3.1 6.3, Medium) and CVE-2025-10371 (CVSS v3.1 7.3, High), have been identified in the Hardy Barth Salia EV Charge Controller firmware version 2.3.81 and earlier. Both are unrestricted file upload flaws (CWE-434) reachable over the network; uploading a crafted file can crash the device or lead to remote code execution. The controllers are deployed in energy and transportation infrastructure worldwide. Despite early disclosure, Hardy Barth has not issued patches or coordinated with cybersecurity authorities, so the only available mitigation is to restrict network access to the device.
What happened
On April 21, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) published ICS advisory ICSA-26-111-05 covering two security vulnerabilities in the Hardy Barth Salia EV Charge Controller, a device deployed in the energy and transportation sectors worldwide. The vulnerabilities, tracked as CVE-2025-5873 and CVE-2025-10371, allow a remote attacker to upload files of arbitrary type to the device. Successful exploitation can crash the device or lead to remote code execution.
Both vulnerabilities are in the device's web interface, in the file-upload handling of the `/firmware.php` and `/api.php` endpoints. Proof-of-concept exploit details have been published, so the window between exposure and exploitation should be assumed to be short.
Confirmed facts
- Affected product: Hardy Barth Salia EV Charge Controller
- Firmware versions impacted: All versions up to and including 2.3.81
- Vulnerabilities:
  - *CVE-2025-5873*: unrestricted upload of dangerous file types via manipulation of the `media` argument of `/firmware.php`.
  - *CVE-2025-10371*: unrestricted upload via the `setrfidlist` argument of `/api.php`.
- Severity: CVE-2025-10371 has a CVSS v3.1 base score of 7.3 (High) and CVE-2025-5873 a score of 6.3 (Medium). Neither score falls in the CVSS Critical band (9.0 and above); the risk rating is driven by the infrastructure context and the lack of a patch.
- Attack vector: network. Both flaws are exploitable remotely. The two scores differ despite the same impact class, which means the preconditions differ (for example whether credentials or user interaction are required), so check the vector strings in the advisory before treating both as unauthenticated.
- Impact: Potential device crash (denial of service) and remote code execution, which could allow attackers to control the EV charge controller.
- Vendor response: Hardy Barth has not responded to CISA's coordination requests and has not issued patches as of April 2026.
- Public exploit availability: Proof-of-concept code has been published, increasing the risk of widespread exploitation.
- CWE classification: Both vulnerabilities fall under CWE-434 (Unrestricted Upload of File with Dangerous Type).
Who is affected
The Hardy Barth Salia EV Charge Controller is used worldwide in critical infrastructure sectors, particularly:
- Energy sector: EV charging stations integrated into power grids.
- Transportation systems: Electric vehicle infrastructure at public and private facilities.
Organizations operating these devices, including utilities, commercial EV charging providers, and transportation authorities, are at risk. Because these controllers manage energy flow and access control, exploitation could disrupt charging services, cause physical damage to equipment, or serve as an entry point for broader network compromises.
What to do now
Given the high risk and lack of vendor patches, immediate defensive measures are essential:
- Isolate affected devices: Remove Hardy Barth Salia EV Charge Controllers from direct internet exposure. Place them behind firewalls or network segmentation barriers.
- Restrict network access: Limit access to the controller's web interface to trusted management networks only. Network controls cannot see individual paths such as `/firmware.php` or `/api.php`, so filter on the device's HTTP/HTTPS ports and source addresses, and reserve path-level blocking for a reverse proxy or web application firewall placed in front of the device.
- Deploy VPNs: If remote access is necessary, enforce secure VPN connections with strong authentication.
- Monitor network traffic: Use an IDS or proxy that logs HTTP requests to the controller and alert on POST requests to `/firmware.php` or `/api.php`, especially from addresses outside the management network. Upload parameters sent in a request body are only visible to sensors that parse HTTP, not to flow-level monitoring.
- Contact Hardy Barth: Use official contact points ([Hardy Barth contact](https://www.hardy-barth.de/de/kontakt), [eCharge contact](https://www.echarge.de/en/contact_company)) to request updates and remediation status.
- Prepare for incident response: Develop plans to isolate or shut down compromised devices quickly to prevent lateral movement.
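The monitoring step above is easiest to act on with a concrete rule. The following is an added example written for this alert, not code from CISA, Hardy Barth or the original page: it scans access-log lines for requests to the two endpoints named in the advisory and reports anything other than ordinary GET access from the management network. It assumes HTTP traffic to the controller is logged by a reverse proxy or IDS in Apache "combined" format and that the management network is `10.10.0.0/24`; both are assumptions, as are the sample log lines, which are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import parse_qs

# Added example for this alert; not code from CISA, Hardy Barth or the original page.
# Assumed: HTTP traffic to the controller passes through a reverse proxy or IDS that
# writes Apache "combined"-style access logs. The two paths come from the advisory and
# the parameter names from the CVE descriptions; the management network is an assumption.

WATCHED_ENDPOINTS = {
    "/firmware.php": ("CVE-2025-5873", "media"),
    "/api.php": ("CVE-2025-10371", "setrfidlist"),
}
UPLOAD_METHODS = {"POST", "PUT"}

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)


@dataclass
class Finding:
    src: str
    ts: str
    cve: str
    path: str
    reasons: tuple


def analyze(lines, mgmt_nets=("10.10.0.0/24",)):
    """Flag requests to the advisory's upload endpoints that look like abuse.

    A plain GET of either page from the management network is normal admin use and
    is not reported; anything else touching these paths is returned with its reasons.
    """
    allowed = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; a real pipeline would count these
        path, _, query = m["target"].partition("?")
        if path not in WATCHED_ENDPOINTS:
            continue
        cve, param = WATCHED_ENDPOINTS[path]
        src = ipaddress.ip_address(m["src"])
        reasons = []
        if not any(src in net for net in allowed):
            reasons.append("source outside management network")
        if m["method"] in UPLOAD_METHODS:
            reasons.append("upload-capable method")
        if param in parse_qs(query):
            reasons.append(f"{param} supplied in query string")
        if reasons:
            findings.append(Finding(str(src), m["ts"], cve, path, tuple(reasons)))
    return findings


# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOG = [
    '10.10.0.5 - - [21/Apr/2026:09:15:02 +0000] "GET /index.php HTTP/1.1" 200 512',
    '10.10.0.5 - - [21/Apr/2026:09:16:10 +0000] "GET /firmware.php HTTP/1.1" 200 2048',
    '203.0.113.44 - - [21/Apr/2026:09:17:33 +0000] "POST /firmware.php?media=upd.php HTTP/1.1" 200 77',
    '198.51.100.9 - - [21/Apr/2026:09:18:01 +0000] "POST /api.php?setrfidlist=list HTTP/1.1" 500 0',
    '10.10.0.7 - - [21/Apr/2026:09:19:45 +0000] "POST /api.php HTTP/1.1" 200 30',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.cve} {f.path}: {', '.join(f.reasons)}")
```

On the constructed sample this reports the two external POSTs with the named parameters and the internal POST to `/api.php` (method only, for review), while the admin's GET of `/firmware.php` is left alone. Parameters carried in a POST body never appear in an access log, which is why the method and the source address are scored independently of the query string.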
How to secure yourself
For organizations and administrators using Hardy Barth Salia EV Charge Controllers:
- Audit all devices: Identify and catalog all controllers running vulnerable firmware versions.
- Update network architecture: Enforce strict network segmentation separating EV controllers from business and public networks.
- Implement multi-factor authentication: Where the device management portal supports it, add MFA; where it does not, enforce MFA on the VPN or jump host through which the portal is reached.
- Regularly review logs: Check for unauthorized file uploads or configuration changes.
- Educate staff: Train operators and IT personnel on recognizing signs of exploitation and phishing attempts targeting EV infrastructure.
- Backup configurations: Maintain secure backups of device configurations to enable rapid restoration.
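The audit step above (and the FAQ entry on checking your version) comes down to one comparison against 2.3.81, and it is easy to get wrong: compared as strings, "2.3.9" sorts after "2.3.81" and an affected device is marked safe. The following is an added example written for this alert, not code from CISA, Hardy Barth or the original page. It parses version strings numerically, decides whether each controller falls in the advisory's affected range, and ranks an inventory for remediation. It assumes you already have the version string from each device (how it is read is device-specific and not shown); the inventory and host names are constructed.

```python
import re

# Added example for this alert; not code from CISA, Hardy Barth or the original page.
# Assumed: you have an inventory of controllers with the firmware version string read from
# each device; how the version is obtained is device-specific and not shown here.

AFFECTED_MAX = (2, 3, 81)  # advisory: all versions up to and including 2.3.81


def parse_version(text):
    """Return '2.3.81' as (2, 3, 81). Raises ValueError for anything not dotted-numeric.

    Tuples compare numerically, so (2, 3, 9) < (2, 3, 81) as intended; a plain string
    comparison would put "2.3.9" after "2.3.81" and mark an affected device as safe.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in text.split("."))


def is_affected(version):
    """True when the version is within the advisory's affected range (<= 2.3.81)."""
    return parse_version(version) <= AFFECTED_MAX


def triage(inventory):
    """Rank controllers for remediation.

    Priority 1: affected and reachable from the internet (isolate first).
    Priority 2: affected, internal only.
    Priority 3: version missing or unparseable (treat as affected until verified).
    Priority 4: version above 2.3.81; still not confirmed fixed, since no patch exists.
    """
    ranked = []
    for dev in inventory:
        try:
            affected = is_affected(dev.get("version") or "")
        except ValueError:
            priority, note = 3, "version unknown; verify on device"
        else:
            if affected and dev.get("internet_exposed"):
                priority, note = 1, "affected and internet-exposed; isolate now"
            elif affected:
                priority, note = 2, "affected; restrict to management network"
            else:
                priority, note = 4, "above 2.3.81; not confirmed fixed, keep restricted"
        ranked.append({"host": dev["host"], "priority": priority, "note": note})
    return sorted(ranked, key=lambda r: (r["priority"], r["host"]))


# Constructed inventory for this example (not real devices).
SAMPLE_INVENTORY = [
    {"host": "ev-ctl-01", "version": "2.3.81", "internet_exposed": False},
    {"host": "ev-ctl-02", "version": "2.3.9", "internet_exposed": True},
    {"host": "ev-ctl-03", "version": "2.4.0", "internet_exposed": False},
    {"host": "ev-ctl-04", "version": None, "internet_exposed": True},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"P{row['priority']} {row['host']}: {row['note']}")
```

Devices whose version cannot be read are deliberately ranked above the "not affected" group: with no vendor patch available, an unknown version is not evidence of safety, and a version above 2.3.81 is only outside the tested range, not confirmed fixed.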
FAQ
What is the Hardy Barth Salia EV Charge Controller?
It is a hardware and firmware solution used to manage electric vehicle charging stations, controlling power delivery and access.
Are all Hardy Barth Salia devices vulnerable?
Only devices running firmware version 2.3.81 or earlier are confirmed affected by these two flaws. Because no vendor patch has been released, no later version is confirmed fixed either; treat any Salia controller as affected until Hardy Barth states otherwise.
Can attackers exploit these vulnerabilities remotely?
Yes. Both vulnerabilities are exploitable over the network and allow an attacker to upload files of arbitrary type, potentially taking control of the device. Their CVSS scores differ (7.3 versus 6.3), so their preconditions are not identical; consult the advisory's vector strings before assuming neither requires credentials.
Has Hardy Barth released patches?
As of April 2026, Hardy Barth has not released any patches or coordinated with authorities regarding these vulnerabilities.
What risks do these vulnerabilities pose?
Attackers can crash devices, execute arbitrary code, disrupt EV charging services, and potentially pivot into broader network environments.
How can I check if my device is vulnerable?
Check the firmware version on your Hardy Barth Salia EV Charge Controller. Versions up to 2.3.81 are affected.
What immediate steps should I take if I use these devices?
Isolate devices from the internet, restrict network access, monitor for suspicious activity, and contact Hardy Barth for updates.
Is there a public exploit?
Yes, proof-of-concept exploits have been publicly released, increasing the urgency for mitigation.
How can I protect my EV charging infrastructure in general?
Implement network segmentation, secure remote access with VPNs, apply strong authentication, and maintain up-to-date device inventories.
Why this matters
The Hardy Barth Salia EV Charge Controller vulnerabilities represent a significant threat to critical infrastructure, particularly as electric vehicle adoption accelerates globally. Compromised EV charge controllers could disrupt energy distribution, cause physical damage, or serve as footholds for attackers targeting broader energy and transportation networks.
The lack of vendor response highlights the challenges organizations face in securing industrial control systems and underscores the need for proactive network defenses and incident preparedness.
Sources and corroboration
This article is based on the official CISA ICS advisory ICSA-26-111-05 published on April 21, 2026. The advisory draws on multiple reports and includes public proof-of-concept exploit details authored by researcher YZS17. No conflicting reports have been found, and Hardy Barth has not issued public statements or patches as of this writing.
- [CISA ICS Advisory ICSA-26-111-05](https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05)
- [Hardy Barth Contact Page](https://www.hardy-barth.de/de/kontakt)
- [eCharge Contact Page](https://www.echarge.de/en/contact_company)
---
*Stay informed and take immediate action to secure your EV charging infrastructure against these critical vulnerabilities.*
Sources used for this article
The Hacker News, cisa.gov
