top of page
perceptive_background_267k.jpg

Hardy Barth Salia EV Charge Controller

Published:

21 April 2026 at 12:00:00

Alert date:

21 April 2026 at 18:10:28

Source:

cisa.gov

Click to open the original link from this advisory

Critical Infrastructure, Mobile & IoT

CISA advisory for Hardy Barth Salia EV Charge Controller firmware versions <=2.3.81 containing two critical vulnerabilities (CVE-2025-5873 and CVE-2025-10371). Both vulnerabilities involve unrestricted file upload flaws that can lead to remote code execution. CVE-2025-5873 affects /firmware.php in the Web UI with CVSS 6.3, while CVE-2025-10371 affects /api.php with CVSS 7.3. Public proof-of-concept exploits are available. Hardy Barth did not respond to CISA coordination efforts. These vulnerabilities impact critical infrastructure in Energy and Transportation sectors globally.

Technical details

Mitigation steps:

Affected products:

Hardy Barth Salia EV Charge Controller

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-05
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-05.json
https://www.cve.org/CVERecord?id=CVE-2025-5873
https://www.cve.org/CVERecord?id=CVE-2025-10371
https://www.hardy-barth.de/de/kontakt
https://www.echarge.de/en/contact_company
https://cwe.mitre.org/data/definitions/434.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page