CP
cyberpings

Hardy Barth Salia EV Charge Controller - Critical Vulnerabilities Found

Critical vulnerabilities have been found in the Hardy Barth Salia EV Charge Controller. These flaws could allow remote code execution and crash the device. Immediate action is recommended to secure affected systems.

VulnerabilitiesHIGHUpdated: Published:

Original Reporting

CICISA Advisories·CISA

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, there are serious flaws in the Hardy Barth EV charger that could let hackers take control.

What Happened

Recent advisories have revealed significant vulnerabilities in the Hardy Barth Salia EV Charge Controller. These flaws, identified as CVE-2025-5873 and CVE-2025-10371, can lead to remote code execution and potentially crash the device. The affected firmware versions are 2.3.81 and below.

The Flaw

The vulnerabilities stem from an unrestricted file upload capability in the device's web interface. This means that attackers can upload malicious files that the system may execute, leading to unauthorized access and control. The buffer overflow condition allows attackers to manipulate the system, making it a critical security risk.

What's at Risk

These vulnerabilities primarily affect the Energy and Transportation Systems sectors, as the Hardy Barth Salia EV Charge Controller is widely deployed in these critical infrastructure areas. If exploited, the consequences could be severe, impacting not just the devices but also the services they support.

Patch Status

As of now, there is no patch available from Hardy Barth. The company has not responded to requests for coordination from CISA, raising concerns about the urgency of addressing these vulnerabilities.

Immediate Actions

Organizations using the Hardy Barth Salia EV Charge Controller should take the following steps:

Containment

  • 1.Minimize network exposure for these devices. Ensure they are not directly accessible from the Internet.
  • 2.Isolate control systems from business networks using firewalls.

Remediation

  • 3.When remote access is necessary, utilize secure methods like VPNs and ensure they are updated.
  • 4.Conduct a thorough impact analysis and risk assessment before implementing any defensive measures.

Conclusion

The discovery of these vulnerabilities highlights the importance of maintaining robust security measures in critical infrastructure devices. Organizations must act swiftly to mitigate risks and protect their systems from potential exploitation.

🔒 Pro Insight

🔒 Pro insight: The unrestricted file upload vulnerability is a classic attack vector; organizations should prioritize immediate isolation and monitoring of affected devices.

CICISA Advisories· CISA
Read Original

Share

Related Pings

Preview image for Apache ActiveMQ Vulnerability - Thousands Still Unpatched
Vulnerabilities
HIGH

Apache ActiveMQ Vulnerability - Thousands Still Unpatched

A critical vulnerability in Apache ActiveMQ remains unpatched in thousands of instances, risking exploitation. CISA warns organizations to update immediately to prevent breaches.

CSCSO Online
Read PingRead Source
Preview image for Fortra Addresses Vulnerabilities in GoAnywhere MFT Software
Vulnerabilities
HIGH

Fortra Addresses Vulnerabilities in GoAnywhere MFT Software

Fortra has issued security advisories for vulnerabilities in their GoAnywhere MFT software. Versions prior to 7.10.0 are at risk of brute force attacks. Users should update immediately to secure their systems.

CCCanadian Cyber Centre Alerts
Read PingRead Source
Vulnerabilities
MEDIUM

Zero Motorcycles Firmware - Bluetooth Vulnerability Exposed

A Bluetooth vulnerability in Zero Motorcycles firmware allows unauthorized access to critical functions. Versions 44 and earlier are at risk, prompting a firmware update in May 2026.

CICISA Advisories
Read PingRead Source
Vulnerabilities
HIGH

Siemens SINEC NMS - Critical Authorization Bypass Vulnerability

Siemens has identified critical authorization bypass vulnerabilities in its SINEC NMS and Industrial Edge Management systems, urging users to update their software to mitigate risks.

CICISA Advisories
Read PingRead Source
Vulnerabilities
CRITICAL

SenseLive X3050 - Critical Vulnerabilities Exposed

Critical vulnerabilities in the SenseLive X3050 could allow attackers to take full control of devices. Users are urged to act quickly to secure their systems. Contact SenseLive for more information.

CICISA Advisories
Read PingRead Source
Vulnerabilities
HIGH

Silex Technology - Multiple Vulnerabilities Discovered

Silex Technology's SD-330AC and AMC Manager have critical vulnerabilities. Attackers could exploit these flaws to execute arbitrary code or cause denial-of-service. Users must update their systems immediately.

CICISA Advisories
Read PingRead Source